Test ID:	1.3.6.1.4.1.25623.1.0.840434
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-942-1)
Summary:	The remote host is missing an update for the 'postgresql-8.1, postgresql-8.3, postgresql-8.4' package(s) announced via the USN-942-1 advisory.
Description:	Summary: The remote host is missing an update for the 'postgresql-8.1, postgresql-8.3, postgresql-8.4' package(s) announced via the USN-942-1 advisory. Vulnerability Insight: It was discovered that the Safe.pm module as used by PostgreSQL did not properly restrict PL/perl procedures. If PostgreSQL was configured to use Perl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Perl code. (CVE-2010-1169) It was discovered that PostgreSQL did not properly check permissions to restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Tcl code. (CVE-2010-1170) It was discovered that PostgreSQL did not properly check privileges during certain RESET ALL operations. A remote authenticated attacker could exploit this to remove all special parameter settings for a user or database. (CVE-2010-1975) Affected Software/OS: 'postgresql-8.1, postgresql-8.3, postgresql-8.4' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04. Solution: Please install the updated package(s). CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1169 1023988 http://www.securitytracker.com/id?1023988 39815 http://secunia.com/advisories/39815 39820 http://secunia.com/advisories/39820 39845 http://secunia.com/advisories/39845 39898 http://secunia.com/advisories/39898 39939 http://secunia.com/advisories/39939 40215 http://www.securityfocus.com/bid/40215 64755 http://osvdb.org/64755 ADV-2010-1167 http://www.vupen.com/english/advisories/2010/1167 ADV-2010-1182 http://www.vupen.com/english/advisories/2010/1182 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 ADV-2010-1198 http://www.vupen.com/english/advisories/2010/1198 ADV-2010-1207 http://www.vupen.com/english/advisories/2010/1207 ADV-2010-1221 http://www.vupen.com/english/advisories/2010/1221 DSA-2051 http://www.debian.org/security/2010/dsa-2051 FEDORA-2010-8696 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html FEDORA-2010-8715 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html FEDORA-2010-8723 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 MDVSA-2010:103 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html RHSA-2010:0430 http://www.redhat.com/support/errata/RHSA-2010-0430.html SSRT100617 SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html [oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request http://www.openwall.com/lists/oss-security/2010/05/20/5 http://www.postgresql.org/about/news.1203 http://www.postgresql.org/docs/current/static/release-7-4-29.html http://www.postgresql.org/docs/current/static/release-8-0-25.html http://www.postgresql.org/docs/current/static/release-8-1-21.html http://www.postgresql.org/docs/current/static/release-8-2-17.html http://www.postgresql.org/docs/current/static/release-8-3-11.html http://www.postgresql.org/docs/current/static/release-8-4-4.html http://www.postgresql.org/support/security https://bugzilla.redhat.com/show_bug.cgi?id=582615 https://bugzilla.redhat.com/show_bug.cgi?id=588269 oval:org.mitre.oval:def:10645 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645 postgresql-safe-code-execution(58693) https://exchange.xforce.ibmcloud.com/vulnerabilities/58693 Common Vulnerability Exposure (CVE) ID: CVE-2010-1170 1023987 http://www.securitytracker.com/id?1023987 64757 http://osvdb.org/64757 https://bugzilla.redhat.com/show_bug.cgi?id=583072 oval:org.mitre.oval:def:10510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510 Common Vulnerability Exposure (CVE) ID: CVE-2010-1975 BugTraq ID: 40304 http://www.securityfocus.com/bid/40304 Debian Security Information: DSA-2051 (Google Search) HPdes Security Advisory: HPSBMU02781 HPdes Security Advisory: SSRT100617 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.