Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1900-1 (postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4)
The remote host is missing an update to postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4
announced via advisory DSA 1900-1.

Several vulnerabilities have been discovered in PostgreSQL, an SQL
database system. The Common Vulnerabilities and Exposures project
identifies the following problems:


Authenticated users can shut down the backend server by re-LOAD-ing
libraries in $libdir/plugins, if any libraries are present there.
(The old stable distribution (etch) is not affected by this issue.)


Authenticated non-superusers can gain database superuser privileges if
they can create functions and tables due to incorrect execution of
functions in functional indexes.


If PostgreSQL is configured with LDAP authentication, and the LDAP
configuration allows anonymous binds, it is possible for a user to
authenticate themselves with an empty password. (The old stable
distribution (etch) is not affected by this issue.)

In addition, this update contains reliability improvements which do
not target security issues.

For the old stable distribution (etch), these problems have been fixed
in version 7.4.26-0etch1 of the postgresql-7.4 source package, and
version 8.1.18-0etch1 of the postgresql-8.1 source package.

For the stable distribution (lenny), these problems have been fixed in
version 8.3.8-0lenny1 of the postgresql-8.3 source package.

For the unstable distribution (sid), these problems have been fixed in
version 8.3.8-1 of the postgresql-8.3 source package, and version
8.4.1-1 of the postgresql-8.4 source package.

We recommend that you upgrade your PostgreSQL packages.


CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3229
BugTraq ID: 36314
Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server (Google Search)
Debian Security Information: DSA-1900 (Google Search)
HPdes Security Advisory: HPSBMU02781
HPdes Security Advisory: SSRT100617
SuSE Security Announcement: SUSE-SR:2009:016 (Google Search)
SuSE Security Announcement: SUSE-SR:2009:017 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2009-3230
Common Vulnerability Exposure (CVE) ID: CVE-2009-3231
CopyrightCopyright (c) 2009 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.