Lucene search
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2003-102.NASLHistoryJul 31, 2004 - 12:00 a.m.
Mandrake Linux Security Advisory : postgresql (MDKSA-2003:102)
2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
8
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.116
Percentile
95.3%
Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server.
The provided packages are patched to protect against this vulnerability and all users are encouraged to upgrade immediately.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:102.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(14084);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2003-0901");
script_xref(name:"MDKSA", value:"2003:102");
script_name(english:"Mandrake Linux Security Advisory : postgresql (MDKSA-2003:102)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Two bugs were discovered that lead to a buffer overflow in PostgreSQL
versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type
(ADT) to ASCII conversion functions. It is believed that, under the
right circumstances, an attacker may use this vulnerability to execute
arbitrary instructions on the PostgreSQL server.
The provided packages are patched to protect against this
vulnerability and all users are encouraged to upgrade immediately."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libecpg3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libecpg3-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpgperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpgsql2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpgsqlodbc0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpgtcl2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpgtcl2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq3-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-jdbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-pl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-tcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-tk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
script_set_attribute(attribute:"patch_publication_date", value:"2003/11/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libecpg3-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpgperl-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpgsql2-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpgsqlodbc0-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"libpgtcl2-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-contrib-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-devel-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-docs-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-jdbc-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-python-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-server-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-tcl-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-test-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"postgresql-tk-7.2.2-1.3.90mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libecpg3-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libecpg3-devel-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libpgtcl2-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libpgtcl2-devel-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libpq3-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libpq3-devel-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-contrib-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-devel-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-docs-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-jdbc-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-pl-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-python-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-server-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-tcl-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"postgresql-test-7.3.2-5.1.91mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Related
redhat
redhat
(RHSA-2003:314) postgresql security update
2003-11-12 00:00:00
debian
debian
[SECURITY] [DSA 397-1] New PostgreSQL packages fix buffer overflow
2003-11-07 07:52:50
[SECURITY] [DSA 397-1] New PostgreSQL packages fix buffer overflow
2003-11-07 07:52:50
cve
cve
CVE-2003-0901
2003-11-03 05:00:00
osv
osv
postgresql - buffer overflow
2003-11-07 00:00:00
cvelist
cvelist
CVE-2003-0901
2003-10-30 05:00:00
openvas
openvas
Debian Security Advisory DSA 397-1 (postgresql)
2008-01-17 00:00:00
Debian Security Advisory DSA 397-1 (postgresql)
2008-01-17 00:00:00
nessus
nessus
PostgreSQL to_ascii() Function Remote Overflows
2003-11-04 00:00:00
RHEL 2.1 : postgresql (RHSA-2003:314)
2004-07-06 00:00:00
Debian DSA-397-1 : postgresql - buffer overflow
2004-09-29 00:00:00
nvd
nvd
CVE-2003-0901
2003-11-03 05:00:00
securityvulns
securityvulns
[OpenPKG-SA-2003.047] OpenPKG Security Advisory (postgresql)
2003-10-31 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.116
Percentile
95.3%
Related for MANDRAKE_MDKSA-2003-102.NASL