nessus - This script is Copyright (C) 2007-2021 Tenable Network Security, Inc. - MANDRAKE_MDKSA-2007-188.NASL
History: Sep 26, 2007 - 12:00 a.m.

Mandrake Linux Security Advisory : postgresql (MDKSA-2007:188)

2007-09-26 00:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com

PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. (CVE-2007-3278)

PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. (CVE-2007-3279)

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. (CVE-2007-3280)

Updated packages fix these issues by requiring non-superusers who use /contrib/dblink to use only password authentication.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2007:188. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when `description` is set the plugin only declares its
# metadata and leaves through the exit(0) at the end of this block, so none of
# the host checks further down run in this mode.
if (description)
{
  script_id(26188);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Identifiers that tie this check to the three CVEs and to the vendor advisory.
  script_cve_id("CVE-2007-3278", "CVE-2007-3279", "CVE-2007-3280");
  script_xref(name:"MDKSA", value:"2007:188");

  script_name(english:"Mandrake Linux Security Advisory : postgresql (MDKSA-2007:188)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"PostgreSQL 8.1 and probably later and earlier versions, when local
trust authentication is enabled and the Database Link library (dblink)
is installed, allows remote attackers to access arbitrary accounts and
execute arbitrary SQL queries via a dblink host parameter that proxies
the connection from 127.0.0.1. (CVE-2007-3278)

PostgreSQL 8.1 and probably later and earlier versions, when the
PL/pgSQL (plpgsql) language has been created, grants certain plpgsql
privileges to the PUBLIC domain, which allows remote attackers to
create and execute functions, as demonstrated by functions that
perform local brute-force password guessing attacks, which may evade
intrusion detection. (CVE-2007-3279)

The Database Link library (dblink) in PostgreSQL 8.1 implements
functions via CREATE statements that map to arbitrary libraries based
on the C programming language, which allows remote authenticated
superusers to map and execute a function from any library, as
demonstrated by using the system function in libc.so.6 to gain shell
access. (CVE-2007-3280)

Updated packages fix these issues, by requiring non-superusers who use
/contrib/dblink to use only password authentication."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 base vector: network access, low complexity, no authentication,
  # complete confidentiality/integrity/availability impact. A single vector is
  # set for all three CVEs, while the description text above ties
  # CVE-2007-3280 to an authenticated superuser and CVE-2007-3278 to trust
  # authentication plus dblink, so read it as the worst case when triaging.
  # NOTE(review): presumably the highest-rated of the three - confirm per CVE.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # Records that public exploit code exists, including a framework module;
  # this raises the patch priority for hosts the plugin flags.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'PostgreSQL for Linux Payload Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  # CWE-264: Permissions, Privileges, and Access Controls.
  script_cwe_id(264);

  # "local": the verdict is derived from package data read on the host (see
  # the required KB keys below), not from probing the PostgreSQL service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # Packages and OS releases named by the advisory, as CPE identifiers.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ecpg5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ecpg5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libecpg5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libecpg5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpq5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-plpgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-plpython");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The check consumes KB entries (local-checks flag, CPU, release, RPM list)
  # that must exist before it runs. Presumably ssh_get_info.nasl fills them in
  # during a credentialed scan; without that data the plugin cannot report.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


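# Preconditions for the package comparison. Each audit() call is used as a
# terminal step here: the statements after it assume the guarded KB value
# exists (audit() comes from audit.inc, which is not shown).

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Not a Mandriva/Mandrake host. The OS label is spelled the same way as in the
# architecture audit below so both messages name the same platform.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 families are handled. Any other architecture is audited as
# "local checks not implemented" rather than reported as unaffected, so an
# unsupported host never produces a false clean result.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);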


# Compare the installed RPMs with the fixed builds taken from MDKSA-2007:188:
# 8.1.10-0.1mdv2007.0 for release MDK2007.0 and 8.2.5-0.1mdv2007.1 for
# MDK2007.1. flag counts the rpm_check() calls that return true.
# rpm_check() comes from rpm.inc (not shown); presumably it returns true when
# the installed package is older than `reference` for the matching release and
# cpu, and yank:"mdv" presumably strips the distribution suffix before the
# version comparison - confirm both in rpm.inc.
# NOTE(review): a hit means an update is missing. Nothing here inspects
# pg_hba.conf trust settings or whether dblink / plpgsql is in use, so a
# finding reflects patch level, not a confirmed exploitable configuration.
flag = 0;
# Mandriva 2007.0: library packages are checked per architecture
# (lib64* on x86_64, lib* on i386); the postgresql-* packages carry no cpu filter.
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64ecpg5-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64ecpg5-devel-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64pq4-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64pq4-devel-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libecpg5-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libecpg5-devel-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libpq4-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libpq4-devel-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-contrib-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-devel-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-docs-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-pl-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-plperl-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-plpgsql-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-plpython-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-pltcl-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-server-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"postgresql-test-8.1.10-0.1mdv2007.0", yank:"mdv")) flag++;

# Mandriva 2007.1: same layout, with the libpq5 / lib64pq5 packages in place
# of the libpq4 / lib64pq4 packages checked for 2007.0.
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64ecpg5-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64ecpg5-devel-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64pq5-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64pq5-devel-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libecpg5-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libecpg5-devel-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libpq5-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libpq5-devel-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-contrib-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-devel-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-docs-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-pl-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-plperl-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-plpgsql-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-plpython-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-pltcl-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-server-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.1", reference:"postgresql-test-8.2.5-0.1mdv2007.1", yank:"mdv")) flag++;


# Verdict. With no rpm_check() hit the host is audited as not affected.
# Otherwise a security_hole() finding is raised on port 0 (a host-level
# result, not tied to a listening service), with the rpm_report_get() output
# attached only when report_verbosity is above zero.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);

  exit(0);
}
Vendor | Product | Version | CPE
mandriva | linux | lib64ecpg5 | p-cpe:/a:mandriva:linux:lib64ecpg5
mandriva | linux | lib64ecpg5-devel | p-cpe:/a:mandriva:linux:lib64ecpg5-devel
mandriva | linux | lib64pq4 | p-cpe:/a:mandriva:linux:lib64pq4
mandriva | linux | lib64pq4-devel | p-cpe:/a:mandriva:linux:lib64pq4-devel
mandriva | linux | lib64pq5 | p-cpe:/a:mandriva:linux:lib64pq5
mandriva | linux | lib64pq5-devel | p-cpe:/a:mandriva:linux:lib64pq5-devel
mandriva | linux | libecpg5 | p-cpe:/a:mandriva:linux:libecpg5
mandriva | linux | libecpg5-devel | p-cpe:/a:mandriva:linux:libecpg5-devel
mandriva | linux | libpq4 | p-cpe:/a:mandriva:linux:libpq4
mandriva | linux | libpq4-devel | p-cpe:/a:mandriva:linux:libpq4-devel