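The version of PostgreSQL installed on the remote host is 7.4 prior to 7.4.30, 8.0 prior to 8.0.26, 8.1 prior to 8.1.22, 8.2 prior to 8.2.18, 8.3 prior to 8.3.12, 8.4 prior to 8.4.5, or 9.0 prior to 9.0.1. It is therefore potentially affected by a privilege escalation vulnerability. The finding is based on the version number the server reports rather than on a test of the flaw itself, so confirm the installed build (including any vendor-backported fix) before prioritising remediation.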
A remote, authenticated attacker could elevate privileges via specially crafted code in a SECURITY DEFINER function.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Description mode: register the plugin's metadata with the scanner and stop.
# No detection logic runs inside this block; it ends with exit(0).
if (description)
{
script_id(63350);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/04");
# Identifiers for the single issue this plugin reports.
script_cve_id("CVE-2010-3433");
script_bugtraq_id(43747);
# The title lists, for each affected branch, the first release that is not flagged.
script_name(english:"PostgreSQL 7.4 < 7.4.30 / 8.0 < 8.0.26 / 8.1 < 8.1.22 / 8.2 < 8.2.18 / 8.3 < 8.3.12 / 8.4 < 8.4.5 / 9.0 < 9.0.1");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by a privilege escalation
vulnerability.");
# "potentially affected": the detection code further down compares version
# numbers only and does not exercise the flaw.
script_set_attribute(attribute:"description", value:
"The version of PostgreSQL installed on the remote host is 7.4 prior to
7.4.30, 8.0 prior to 8.0.26, 8.1 prior to 8.1.22, 8.2 prior to 8.2.18,
8.3 prior to 8.3.12, 8.4 prior to 8.4.5, or 9.0 prior to 9.0.1. It
therefore is potentially affected by a privilege escalation
vulnerability.
A remote, authenticated attacker could elevate privileges via
specially crafted code in a SECURITY DEFINER function.");
# Vendor announcement followed by the release notes of each fixed branch.
# NOTE(review): the 8.4 entry is the only reference that uses plain http.
script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/about/news/1244/");
script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/7.4/release.html#RELEASE-7-4-30");
script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/8.0/release.html#RELEASE-8-0-26");
script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/8.1/release-8-1-22.html");
script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/8.2/release-8-2-18.html");
script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/8.3/release-8-3-12.html");
script_set_attribute(attribute:"see_also", value:"http://www.postgresql.org/docs/8.4/static/release-8-4-5.html");
script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/9.0/release.html#RELEASE-9-0-1");
script_set_attribute(attribute:"solution", value:
"Upgrade to PostgreSQL 7.4.30 / 8.0.26 / 8.1.22 / 8.2.18 / 8.3.12 /
8.4.5 / 9.0.1 or later.");
# CVSS v2 base: network reachable, medium complexity, single authentication
# (Au:S), partial impact on confidentiality, integrity and availability.
# Temporal: exploit unproven (E:U), official fix available (RL:OF).
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
# CVSS v3 base: low privileges required (PR:L), which matches the
# "authenticated attacker" wording of the description. Note that the v3
# vector rates complexity as low (AC:L) where the v2 vector says medium.
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-3433");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/10/01");
script_set_attribute(attribute:"patch_publication_date", value:"2010/10/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/28");
# NOTE(review): plugin_type is "local" although the check below keys on a
# service port and a version read from the KB - confirm how
# postgresql_version.nbin obtains that version.
script_set_attribute(attribute:"plugin_type", value:"local");
# The CPE names the product only; no version component is given.
script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:postgresql");
script_end_attributes();
# Information-gathering category; the detection code only reads KB entries.
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2012-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Declared dependency; presumably it populates the database/<port>/postgresql/*
# KB entries read by the detection code - confirm against that plugin.
script_dependencies("postgresql_version.nbin");
script_require_ports("Services/postgresql", 5432);
# Stop here when the scanner only asked for the metadata.
exit(0);
}
include("audit.inc");
include("backport.inc");
include("global_settings.inc");
include("misc_func.inc");
# Detection: compare the PostgreSQL version recorded in the KB with the first
# fixed release of each affected branch. This is a version check only; the
# vulnerability itself is never exercised.

# Locate the PostgreSQL service (default 5432); exit_on_fail stops the plugin
# when no such service was found.
port = get_service(svc:"postgresql", default:5432, exit_on_fail:TRUE);

# Version and version source are mandatory KB entries; the database name is
# optional and only used to enrich the report.
kb_base = 'database/'+port+'/postgresql/';
version = get_kb_item_or_exit(kb_base+'version');
source = get_kb_item_or_exit(kb_base+'source');
database = get_kb_item(kb_base+'database_name');

# A banner from a distribution that backports fixes makes the version number
# unreliable, so the check is skipped unless the scan is run in paranoid mode.
get_backport_banner(banner:source);
if (backported && report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, 'PostgreSQL server');

# Turn the dotted version string into integer components.
fields = split(version, sep:'.');
ver = make_list();
for (i=0; i < max_index(fields); i++)
  ver[i] = int(fields[i]);

major = ver[0];
minor = ver[1];
patch = ver[2];

# One test per affected branch: flagged when the patch level is below the
# first fixed release of that branch.
vuln = FALSE;
if (major == 7 && minor == 4 && patch < 30) vuln = TRUE;
else if (major == 8 && minor == 0 && patch < 26) vuln = TRUE;
else if (major == 8 && minor == 1 && patch < 22) vuln = TRUE;
else if (major == 8 && minor == 2 && patch < 18) vuln = TRUE;
else if (major == 8 && minor == 3 && patch < 12) vuln = TRUE;
else if (major == 8 && minor == 4 && patch < 5) vuln = TRUE;
else if (major == 9 && minor == 0 && patch < 1) vuln = TRUE;

if (!vuln)
  audit(AUDIT_LISTEN_NOT_VULN, 'PostgreSQL', port, version);
else
{
  # Terse mode: raise the finding without any detail text.
  if (report_verbosity <= 0)
  {
    security_warning(port);
    exit(0);
  }

  # Verbose mode: show where the version came from and what to upgrade to.
  report = '';
  if (database)
    report += '\n Database name : ' + database;
  report +=
    '\n Version source : ' + source +
    '\n Installed version : ' + version +
    '\n Fixed version : 7.4.30 / 8.0.26 / 8.1.22 / 8.2.18 / 8.3.12 / 8.4.5 / 9.0.1\n';
  security_warning(port:port, extra:report);
  exit(0);
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| postgresql | postgresql | | cpe:/a:postgresql:postgresql |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3433
www.postgresql.org/docs/8.4/static/release-8-4-5.html
www.postgresql.org/about/news/1244/
www.postgresql.org/docs/7.4/release.html#RELEASE-7-4-30
www.postgresql.org/docs/8.0/release.html#RELEASE-8-0-26
www.postgresql.org/docs/8.1/release-8-1-22.html
www.postgresql.org/docs/8.2/release-8-2-18.html
www.postgresql.org/docs/8.3/release-8-3-12.html
www.postgresql.org/docs/9.0/release.html#RELEASE-9-0-1