The version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.20, 9.0.x prior to 9.0.16, 9.1.x prior to 9.1.12, 9.2.x prior to 9.2.7 or 9.3.x prior to 9.3.3 and is potentially affected by multiple vulnerabilities :
SET ROLE bypasses lack of ADMIN OPTION when granting roles. (CVE-2014-0060)
It is possible to elevate privileges via calls to validator functions. (CVE-2014-0061)
It is possible to elevate privileges via a race condition in CREATE INDEX. (CVE-2014-0062)
Potential buffer overruns exist due to integer overflow in size calculations. (CVE-2014-0063)
Potential buffer overruns exist in datetime input/output. (CVE-2014-0064)
Multiple fixed-size buffers exist that could potentially be overflowed. (CVE-2014-0065)
A potential NULL pointer dereference crash is possible when crypt(3) returns NULL. (CVE-2014-0066)
Multiple integer overflow vulnerabilities exist in ‘hstore_io.c’. (CVE-2014-2669)
Binary data 8133.prm
Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | cpe:/a:postgresql:postgresql |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2669
www.postgresql.org/about/news/1506
www.postgresql.org/docs/8.4/static/release-8-4-20.html
www.postgresql.org/docs/9.0/static/release-9-0-16.html
www.postgresql.org/docs/9.1/static/release-9-1-12.html
www.postgresql.org/docs/9.2/static/release-9-2-7.html