Test ID:	1.3.6.1.4.1.25623.1.0.66643
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-876-1 (postgresql-8.4)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to postgresql-8.4 announced via advisory USN-876-1. Details follow: It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-4034) It was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate priviliges within PostgreSQL. (CVE-2009-4136) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postgresql-8.1 8.1.19-0ubuntu0.6.06 Ubuntu 8.04 LTS: postgresql-8.3 8.3.9-0ubuntu8.04 Ubuntu 8.10: postgresql-8.3 8.3.9-0ubuntu8.10 Ubuntu 9.04: postgresql-8.3 8.3.9-0ubuntu9.04 Ubuntu 9.10: postgresql-8.4 8.4.2-0ubuntu9.10 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-876-1 Risk factor : High CVSS Score: 6.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4034 1023325 http://www.securitytracker.com/id?1023325 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server http://www.securityfocus.com/archive/1/509917/100/0/threaded 37334 http://www.securityfocus.com/bid/37334 37663 http://secunia.com/advisories/37663 61038 http://osvdb.org/61038 ADV-2009-3519 http://www.vupen.com/english/advisories/2009/3519 FEDORA-2009-13363 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html FEDORA-2009-13381 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 MDVSA-2009:333 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 SSRT100617 SUSE-SR:2010:001 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http://www.postgresql.org/docs/current/static/release-8-1-19.html http://www.postgresql.org/docs/current/static/release-8-2-15.html http://www.postgresql.org/docs/current/static/release-8-3-9.html http://www.postgresql.org/docs/current/static/release-8-4-2.html http://www.postgresql.org/support/security.html Common Vulnerability Exposure (CVE) ID: CVE-2009-4136 1023326 http://www.securitytracker.com/id?1023326 37333 http://www.securityfocus.com/bid/37333 39820 http://secunia.com/advisories/39820 61039 http://osvdb.org/61039 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html https://bugzilla.redhat.com/show_bug.cgi?id=546321 oval:org.mitre.oval:def:9358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.