Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 Tenable Network Security, Inc.DEBIAN_DLA-1169.NASL
HistoryNov 13, 2017 - 12:00 a.m.

Debian DLA-1169-1 : postgresql-common security update

2017-11-1300:00:00
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.
www.tenable.com
10
JSON

A security vulnerability has been found in postgresql-common, Debian’s PostgreSQL database cluster management tools.

CVE-2017-8806

It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

For Debian 7 ‘Wheezy’, these problems have been fixed in version 134wheezy6.

We recommend that you upgrade your postgresql-common packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1169-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(104502);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_name(english:"Debian DLA-1169-1 : postgresql-common security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A security vulnerability has been found in postgresql-common, Debian's
PostgreSQL database cluster management tools.

CVE-2017-8806

It was discovered that the pg_ctlcluster, pg_createcluster and
pg_upgradecluster commands handled symbolic links insecurely which
could result in local denial of service by overwriting arbitrary
files.

For Debian 7 'Wheezy', these problems have been fixed in version
134wheezy6.

We recommend that you upgrade your postgresql-common packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2017/11/msg00014.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/postgresql-common"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-client-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-server-dev-all");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

# Temp disable
exit(1, 'Temporarily disabled.');

include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"postgresql", reference:"134wheezy6")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-client", reference:"134wheezy6")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-client-common", reference:"134wheezy6")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-common", reference:"134wheezy6")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-contrib", reference:"134wheezy6")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-doc", reference:"134wheezy6")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-server-dev-all", reference:"134wheezy6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxpostgresql-client-commonp-cpe:/a:debian:debian_linux:postgresql-client-common
debiandebian_linuxpostgresql-commonp-cpe:/a:debian:debian_linux:postgresql-common
debiandebian_linuxpostgresql-contribp-cpe:/a:debian:debian_linux:postgresql-contrib
debiandebian_linuxpostgresql-docp-cpe:/a:debian:debian_linux:postgresql-doc
debiandebian_linuxpostgresql-server-dev-allp-cpe:/a:debian:debian_linux:postgresql-server-dev-all
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0
debiandebian_linuxpostgresqlp-cpe:/a:debian:debian_linux:postgresql
debiandebian_linuxpostgresql-clientp-cpe:/a:debian:debian_linux:postgresql-client

Related

cve 1
openvas 4
prion 1
osv 2
nessus 2
debian 2
debiancve 1
ubuntu 2
ubuntucve 1
ibm 1
cve
cve
CVE-2017-8806
2017-11-13 09:29:00
openvas
openvas
Debian: Security Advisory (DLA-1169-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-4029-1)
2017-11-08 00:00:00
Ubuntu: Security Advisory (USN-3476-2)
2022-08-26 00:00:00
prion
prion
Design/Logic Flaw
2017-11-13 09:29:00
osv
osv
postgresql-common - security update
2017-11-09 00:00:00
postgresql-common - security update
2017-11-11 00:00:00
nessus
nessus
Debian DSA-4029-1 : postgresql-common - security update
2017-11-10 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : postgresql-common vulnerabilities (USN-3476-1)
2017-11-10 00:00:00
debian
debian
[SECURITY] [DLA-1169-1] postgresql-common security update
2017-11-11 11:12:11
[SECURITY] [DSA 4029-1] postgresql-common security update
2017-11-09 21:43:45
debiancve
debiancve
CVE-2017-8806
2017-11-13 09:29:00
ubuntu
ubuntu
postgresql-common vulnerabilities
2017-11-09 00:00:00
postgresql-common vulnerabilities
2017-11-27 00:00:00
ubuntucve
ubuntucve
CVE-2017-8806
2017-11-09 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
2024-01-17 15:30:59
JSON
Related for DEBIAN_DLA-1169.NASL
cve1openvas4prion1osv2nessus2debian2debiancve1ubuntu2ubuntucve1ibm1