Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200502-08
HistoryFeb 07, 2005 - 12:00 a.m.

PostgreSQL: Multiple vulnerabilities

2005-02-0700:00:00
Gentoo Foundation
security.gentoo.org
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

Background

PostgreSQL is a SQL compliant, open source object-relational database management system.

Description

PostgreSQL’s contains several vulnerabilities:

  • John Heasman discovered that the LOAD extension is vulnerable to local privilege escalation (CAN-2005-0227).
  • It is possible to bypass the EXECUTE permission check for functions (CAN-2005-0244).
  • The PL/PgSQL parser is vulnerable to heap-based buffer overflow (CAN-2005-0244).
  • The intagg contrib module is vulnerable to a Denial of Service (CAN-2005-0246).

Impact

An attacker could exploit this to execute arbitrary code with the privileges of the PostgreSQL server, bypass security restrictions and crash the server.

Workaround

There is no know workaround at this time.

Resolution

All PostgreSQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose dev-db/postgresql
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/postgresql< 7.3.10UNKNOWN

Related

openvas 15
nessus 13
redhat 3
freebsd 2
ubuntu 1
ubuntucve 5
postgresql 4
cve 5
osv 2
debian 2
suse 2
securityvulns 1
openvas
openvas
Gentoo Security Advisory GLSA 200502-08 (postgresql)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200502-08 (postgresql)
2008-09-24 00:00:00
SLES9: Security update for postgresql
2009-10-10 00:00:00
nessus
nessus
GLSA-200502-08 : PostgreSQL: Multiple vulnerabilities
2005-02-14 00:00:00
Mandrake Linux Security Advisory : postgresql (MDKSA-2005:040)
2005-02-18 00:00:00
RHEL 4 : postgresql (RHSA-2005:138)
2005-02-22 00:00:00
redhat
redhat
(RHSA-2005:141) rh-postgresql security update
2005-02-14 00:00:00
(RHSA-2005:138) postgresql security update
2005-02-15 00:00:00
(RHSA-2005:150) postgresql security update
2005-02-16 00:00:00
freebsd
freebsd
postgresql -- multiple vulnerabilities
2005-02-01 00:00:00
postgresql -- privilege escalation vulnerability
2005-01-21 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2005-02-11 00:00:00
ubuntucve
ubuntucve
CVE-2005-0246
2005-05-02 00:00:00
CVE-2005-0244
2005-05-02 00:00:00
CVE-2005-0227
2005-05-02 00:00:00
postgresql
postgresql
Vulnerability in contrib module (CVE-2005-0246)
2005-05-02 04:00:00
Vulnerability in core server (CVE-2005-0245)
2005-02-01 05:00:00
Vulnerability in core server (CVE-2005-0227)
2005-05-02 04:00:00
cve
cve
CVE-2005-0246
2005-05-02 04:00:00
CVE-2005-0244
2005-05-02 04:00:00
CVE-2005-0227
2005-05-02 04:00:00
osv
osv
postgresql - privilege escalation
2005-02-04 00:00:00
postgresql - buffer overflows
2005-02-15 00:00:00
debian
debian
[SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution
2005-02-15 16:03:24
[SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution
2005-02-15 16:03:24
suse
suse
remote code execution in cvs
2005-04-18 14:31:00
race condition, arbitrary code execution in sudo
2005-06-24 12:44:43
securityvulns
securityvulns
[Full-disclosure] SUSE Security Announcement: cvs &#40;SUSE-SA:2005:024&#41;
2005-04-18 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON
Related for GLSA-200502-08
openvas15nessus13redhat3freebsd2ubuntu1ubuntucve5postgresql4cve5osv2debian2suse2securityvulns1