ID de Prueba:	1.3.6.1.4.1.25623.1.0.66681
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2009:333 (postgresql)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to postgresql announced via advisory MDVSA-2009:333. Multiple vulnerabilities was discovered and corrected in postgresql: NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue (CVE-2009-4034). Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136). Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:333 http://www.postgresql.org/support/security Risk factor : High CVSS Score: 6.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4034 1023325 http://www.securitytracker.com/id?1023325 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server http://www.securityfocus.com/archive/1/509917/100/0/threaded 37334 http://www.securityfocus.com/bid/37334 37663 http://secunia.com/advisories/37663 61038 http://osvdb.org/61038 ADV-2009-3519 http://www.vupen.com/english/advisories/2009/3519 FEDORA-2009-13363 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html FEDORA-2009-13381 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 MDVSA-2009:333 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 SSRT100617 SUSE-SR:2010:001 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http://www.postgresql.org/docs/current/static/release-8-1-19.html http://www.postgresql.org/docs/current/static/release-8-2-15.html http://www.postgresql.org/docs/current/static/release-8-3-9.html http://www.postgresql.org/docs/current/static/release-8-4-2.html http://www.postgresql.org/support/security.html Common Vulnerability Exposure (CVE) ID: CVE-2009-3230 BugTraq ID: 36314 http://www.securityfocus.com/bid/36314 Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server (Google Search) Debian Security Information: DSA-1900 (Google Search) http://www.us.debian.org/security/2009/dsa-1900 https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html HPdes Security Advisory: HPSBMU02781 HPdes Security Advisory: SSRT100617 http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166 http://secunia.com/advisories/36660 http://secunia.com/advisories/36695 http://secunia.com/advisories/36727 http://secunia.com/advisories/36800 http://secunia.com/advisories/36837 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://www.ubuntu.com/usn/usn-834-1 http://www.vupen.com/english/advisories/2009/2602 Common Vulnerability Exposure (CVE) ID: CVE-2007-6600 BugTraq ID: 27163 http://www.securityfocus.com/bid/27163 Bugtraq: 20080107 PostgreSQL 2007-01-07 Cumulative Security Release (Google Search) http://www.securityfocus.com/archive/1/485864/100/0/threaded Bugtraq: 20080115 rPSA-2008-0016-1 postgresql postgresql-server (Google Search) http://www.securityfocus.com/archive/1/486407/100/0/threaded Debian Security Information: DSA-1460 (Google Search) http://www.debian.org/security/2008/dsa-1460 Debian Security Information: DSA-1463 (Google Search) http://www.debian.org/security/2008/dsa-1463 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html http://security.gentoo.org/glsa/glsa-200801-15.xml HPdes Security Advisory: HPSBTU02325 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 HPdes Security Advisory: SSRT080006 http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493 http://www.redhat.com/support/errata/RHSA-2008-0038.html http://www.redhat.com/support/errata/RHSA-2008-0039.html http://www.redhat.com/support/errata/RHSA-2008-0040.html http://securitytracker.com/id?1019157 http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http://secunia.com/advisories/28679 http://secunia.com/advisories/28698 http://secunia.com/advisories/29638 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 SuSE Security Announcement: SUSE-SA:2008:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html https://usn.ubuntu.com/568-1/ http://www.vupen.com/english/advisories/2008/0061 http://www.vupen.com/english/advisories/2008/0109 http://www.vupen.com/english/advisories/2008/1071/references XForce ISS Database: postgresql-indexfunctions-priv-escalation(39496) https://exchange.xforce.ibmcloud.com/vulnerabilities/39496 Common Vulnerability Exposure (CVE) ID: CVE-2009-4136 1023326 http://www.securitytracker.com/id?1023326 37333 http://www.securityfocus.com/bid/37333 39820 http://secunia.com/advisories/39820 61039 http://osvdb.org/61039 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html https://bugzilla.redhat.com/show_bug.cgi?id=546321 oval:org.mitre.oval:def:9358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.