ID de Prueba:	1.3.6.1.4.1.25623.1.0.880858
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for rh-postgresql CESA-2009:1485 centos3 i386
Resumen:	The remote host is missing an update for the 'rh-postgresql'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'rh-postgresql' package(s) announced via the referenced advisory. Vulnerability Insight: PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0039 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) All PostgreSQL users should upgrade to these updated packages, which contain a backported patch to correct this issue. If you are running a PostgreSQL server, the postgresql service must be restarted for this update to take effect. Affected Software/OS: rh-postgresql on CentOS 3 Solution: Please install the updated packages. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3230 BugTraq ID: 36314 http://www.securityfocus.com/bid/36314 Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server (Google Search) http://www.securityfocus.com/archive/1/509917/100/0/threaded Debian Security Information: DSA-1900 (Google Search) http://www.us.debian.org/security/2009/dsa-1900 https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html HPdes Security Advisory: HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 HPdes Security Advisory: SSRT100617 http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166 http://secunia.com/advisories/36660 http://secunia.com/advisories/36695 http://secunia.com/advisories/36727 http://secunia.com/advisories/36800 http://secunia.com/advisories/36837 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://www.ubuntu.com/usn/usn-834-1 http://www.vupen.com/english/advisories/2009/2602 Common Vulnerability Exposure (CVE) ID: CVE-2007-6600 BugTraq ID: 27163 http://www.securityfocus.com/bid/27163 Bugtraq: 20080107 PostgreSQL 2007-01-07 Cumulative Security Release (Google Search) http://www.securityfocus.com/archive/1/485864/100/0/threaded Bugtraq: 20080115 rPSA-2008-0016-1 postgresql postgresql-server (Google Search) http://www.securityfocus.com/archive/1/486407/100/0/threaded Debian Security Information: DSA-1460 (Google Search) http://www.debian.org/security/2008/dsa-1460 Debian Security Information: DSA-1463 (Google Search) http://www.debian.org/security/2008/dsa-1463 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html http://security.gentoo.org/glsa/glsa-200801-15.xml HPdes Security Advisory: HPSBTU02325 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 HPdes Security Advisory: SSRT080006 http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493 http://www.redhat.com/support/errata/RHSA-2008-0038.html http://www.redhat.com/support/errata/RHSA-2008-0039.html http://www.redhat.com/support/errata/RHSA-2008-0040.html http://securitytracker.com/id?1019157 http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http://secunia.com/advisories/28679 http://secunia.com/advisories/28698 http://secunia.com/advisories/29638 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 SuSE Security Announcement: SUSE-SA:2008:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html https://usn.ubuntu.com/568-1/ http://www.vupen.com/english/advisories/2008/0061 http://www.vupen.com/english/advisories/2008/0109 http://www.vupen.com/english/advisories/2008/1071/references XForce ISS Database: postgresql-indexfunctions-priv-escalation(39496) https://exchange.xforce.ibmcloud.com/vulnerabilities/39496
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.