Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.51661
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2005:138
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2005:138.

A flaw in the LOAD command in PostgreSQL was discovered. A local user
could use this flaw to load arbitrary shared libraries and therefore
execute arbitrary code, gaining the privileges of the PostgreSQL server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0227 to this issue.

A permission checking flaw in PostgreSQL was discovered. A local user
could bypass the EXECUTE permission check for functions by using the CREATE
AGGREGATE command. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0244 to this issue.

Multiple buffer overflows were found in PL/PgSQL. A database user who has
permissions to create plpgsql functions could trigger this flaw which could
lead to arbitrary code execution, gaining the privileges of the PostgreSQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2005-0245 and CVE-2005-0247 to these issues.

A flaw in the integer aggregator (intagg) contrib module for PostgreSQL was
found. A user could create carefully crafted arrays and cause a denial of
service (crash). The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0246 to this issue.

The update also fixes some minor problems, notably conflicts with SELinux.

Users of postgresql should update to these erratum packages that contain
patches and are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-138.html

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0227
BugTraq ID: 12411
http://www.securityfocus.com/bid/12411
Bugtraq: 20050201 [USN-71-1] PostgreSQL vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110726899107148&w=2
Debian Security Information: DSA-668 (Google Search)
http://www.debian.org/security/2005/dsa-668
http://security.gentoo.org/glsa/glsa-200502-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234
http://www.redhat.com/support/errata/RHSA-2005-138.html
http://www.redhat.com/support/errata/RHSA-2005-150.html
http://secunia.com/advisories/12948
SuSE Security Announcement: SUSE-SA:2005:036 (Google Search)
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
http://www.trustix.org/errata/2005/0003/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0244
BugTraq ID: 12417
http://www.securityfocus.com/bid/12417
Bugtraq: 20050210 [USN-79-1] PostgreSQL vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=110806034116082&w=2
http://archives.postgresql.org/pgsql-hackers/2005-01/msg00922.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10927
XForce ISS Database: postgresql-security-bypass(19184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19184
Common Vulnerability Exposure (CVE) ID: CVE-2005-0245
Debian Security Information: DSA-683 (Google Search)
http://www.debian.org/security/2005/dsa-683
http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10175
XForce ISS Database: postgresql-cursor-bo(19188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19188
Common Vulnerability Exposure (CVE) ID: CVE-2005-0246
http://archives.postgresql.org/pgsql-committers/2005-01/msg00401.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10148
XForce ISS Database: postgresql-contribintagg-dos(19185)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19185
Common Vulnerability Exposure (CVE) ID: CVE-2005-0247
http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9345
SuSE Security Announcement: SUSE-SA:2005:027 (Google Search)
http://www.novell.com/linux/security/advisories/2005_27_postgresql.html
XForce ISS Database: postgresql-fetch-makefetchstmt-bo(19378)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19378
XForce ISS Database: postgresql-makeselectstmt-arbitrary-bo(19377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19377
XForce ISS Database: postgresql-makeselectstmt-input-bo(19376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19376
XForce ISS Database: postgresql-readsqlconstruct-bo(19375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19375
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.