English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51616
Category:Ubuntu Local Security Checks
Title:Ubuntu 4.10 USN-79-1 (postgresql)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to postgresql
announced via advisory USN-79-1.

The execution of custom PostgreSQL functions can be restricted with
the EXECUTE privilege. However, previous versions did not check this
privilege when executing a function which was part of an aggregate.
As a result, any database user could circumvent the EXECUTE restriction of
functions with a particular (but very common) parameter structure by
creating an aggregate wrapper around the function. (CVE-2005-0244)

Several buffer overflows have been discovered in the SQL parser. These
could be exploited by any database user to crash the PostgreSQL server
or execute arbitrary code with the privileges of the server.
(CVE-2005-0245, CVE-2005-0247)

Finally, this update fixes a Denial of Service vulnerability of the
contributed intagg module. By constructing specially crafted arrays,
a database user was able to corrupt and crash the PostgreSQL server.
(CVE-2005-0246). Please note that this module is part of the
postgresql-contrib package, which is not officially supported by
Ubuntu.

The following packages are affected:

postgresql
postgresql-contrib

Solution:
The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-79-1

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0244
12417
http://www.securityfocus.com/bid/12417
12948
http://secunia.com/advisories/12948
20050210 [USN-79-1] PostgreSQL vulnerabilities
http://marc.info/?l=bugtraq&m=110806034116082&w=2
MDKSA-2005:040
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
RHSA-2005:138
http://www.redhat.com/support/errata/RHSA-2005-138.html
SUSE-SA:2005:036
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
[pgsql-hackers] 20050127 Permissions on aggregate component functions
http://archives.postgresql.org/pgsql-hackers/2005-01/msg00922.php
oval:org.mitre.oval:def:10927
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10927
postgresql-security-bypass(19184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19184
Common Vulnerability Exposure (CVE) ID: CVE-2005-0245
DSA-683
http://www.debian.org/security/2005/dsa-683
RHSA-2005:150
http://www.redhat.com/support/errata/RHSA-2005-150.html
[pgsql-committers] 20050121 pgsql: Prevent overrunning a heap-allocated buffer is more than 1024
http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php
[pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser.
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
[pgsql-patches] 20050120 Re: WIP: pl/pgsql cleanup
http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php
oval:org.mitre.oval:def:10175
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10175
postgresql-cursor-bo(19188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19188
Common Vulnerability Exposure (CVE) ID: CVE-2005-0246
[pgsql-committers] 20050127 pgsql: Fix security and 64-bit issues in contrib/intagg.
http://archives.postgresql.org/pgsql-committers/2005-01/msg00401.php
oval:org.mitre.oval:def:10148
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10148
postgresql-contribintagg-dos(19185)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19185
Common Vulnerability Exposure (CVE) ID: CVE-2005-0247
GLSA-200502-19
http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
SUSE-SA:2005:027
http://www.novell.com/linux/security/advisories/2005_27_postgresql.html
oval:org.mitre.oval:def:9345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9345
postgresql-fetch-makefetchstmt-bo(19378)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19378
postgresql-makeselectstmt-arbitrary-bo(19377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19377
postgresql-makeselectstmt-input-bo(19376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19376
postgresql-readsqlconstruct-bo(19375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19375
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.