Test ID:	1.3.6.1.4.1.25623.1.0.67432
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:103 (postgresql)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to postgresql announced via advisory MDVSA-2010:103. Multiple vulnerabilities was discovered and corrected in postgresql: The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an overflow. (CVE-2010-0442). A flaw was found in the way the PostgreSQL server process enforced permission checks on scripts written in PL/Perl. A remote, authenticated user, running a specially-crafted PL/Perl script, could use this flaw to bypass PL/Perl trusted mode restrictions, allowing them to obtain sensitive information execute arbitrary Perl scripts or cause a denial of service (remove protected, sensitive data) (CVE-2010-1169). The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script (CVE-2010-1170). PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement (CVE-2010-1975). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update provides a solution to these vulnerabilities. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:103 http://www.postgresql.org/support/security Risk factor : Critical CVSS Score: 8.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0442 1023510 http://securitytracker.com/id?1023510 37973 http://www.securityfocus.com/bid/37973 39566 http://secunia.com/advisories/39566 39820 http://secunia.com/advisories/39820 39939 http://secunia.com/advisories/39939 ADV-2010-1022 http://www.vupen.com/english/advisories/2010/1022 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 ADV-2010-1207 http://www.vupen.com/english/advisories/2010/1207 ADV-2010-1221 http://www.vupen.com/english/advisories/2010/1221 DSA-2051 http://www.debian.org/security/2010/dsa-2051 MDVSA-2010:103 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html USN-933-1 http://ubuntu.com/usn/usn-933-1 [oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow http://www.openwall.com/lists/oss-security/2010/01/27/5 [pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php [pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html https://bugzilla.redhat.com/show_bug.cgi?id=559194 https://bugzilla.redhat.com/show_bug.cgi?id=559259 oval:org.mitre.oval:def:9720 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 postgresql-substring-bo(55902) https://exchange.xforce.ibmcloud.com/vulnerabilities/55902 Common Vulnerability Exposure (CVE) ID: CVE-2010-1169 1023988 http://www.securitytracker.com/id?1023988 39815 http://secunia.com/advisories/39815 39845 http://secunia.com/advisories/39845 39898 http://secunia.com/advisories/39898 40215 http://www.securityfocus.com/bid/40215 64755 http://osvdb.org/64755 ADV-2010-1167 http://www.vupen.com/english/advisories/2010/1167 ADV-2010-1182 http://www.vupen.com/english/advisories/2010/1182 ADV-2010-1198 http://www.vupen.com/english/advisories/2010/1198 FEDORA-2010-8696 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html FEDORA-2010-8715 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html FEDORA-2010-8723 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 RHSA-2010:0430 http://www.redhat.com/support/errata/RHSA-2010-0430.html SSRT100617 SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html [oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request http://www.openwall.com/lists/oss-security/2010/05/20/5 http://www.postgresql.org/about/news.1203 http://www.postgresql.org/docs/current/static/release-7-4-29.html http://www.postgresql.org/docs/current/static/release-8-0-25.html http://www.postgresql.org/docs/current/static/release-8-1-21.html http://www.postgresql.org/docs/current/static/release-8-2-17.html http://www.postgresql.org/docs/current/static/release-8-3-11.html http://www.postgresql.org/docs/current/static/release-8-4-4.html http://www.postgresql.org/support/security https://bugzilla.redhat.com/show_bug.cgi?id=582615 https://bugzilla.redhat.com/show_bug.cgi?id=588269 oval:org.mitre.oval:def:10645 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645 postgresql-safe-code-execution(58693) https://exchange.xforce.ibmcloud.com/vulnerabilities/58693 Common Vulnerability Exposure (CVE) ID: CVE-2010-1170 1023987 http://www.securitytracker.com/id?1023987 64757 http://osvdb.org/64757 https://bugzilla.redhat.com/show_bug.cgi?id=583072 oval:org.mitre.oval:def:10510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510 Common Vulnerability Exposure (CVE) ID: CVE-2010-1975 BugTraq ID: 40304 http://www.securityfocus.com/bid/40304 Debian Security Information: DSA-2051 (Google Search) HPdes Security Advisory: HPSBMU02781 HPdes Security Advisory: SSRT100617 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.