ID SUSE_SA_2002_038.NASL Type nessus Reporter Tenable Modified 2016-12-27T00:00:00
Description
The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).
The PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems.
The buffer overflows are located in:
handling long datetime input
lpad() and rpad() function with multibyte
repeat() function
TZ and SET TIME ZONE environment variables These bugs could just be exploited by attackers who have access to the postgresql server to gain the privileges postgres user ID .
The PostgreSQL package is not installed by default.
A temporary fix is not known.
Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command 'rpm -Fhv file.rpm' to apply the update.
#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2002:038
#
if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");
if(description)
{
script_id(13759);
script_version ("$Revision: 1.9 $");
script_cve_id("CVE-2002-0972");
name["english"] = "SUSE-SA:2002:038: postgresql";
script_name(english:name["english"]);
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).
The PostgreSQL Object-Relational DBMS was found vulnerable to several
security related buffer overflow problems.
The buffer overflows are located in:
* handling long datetime input
* lpad() and rpad() function with multibyte
* repeat() function
* TZ and SET TIME ZONE environment variables
These bugs could just be exploited by attackers who have access to the
postgresql server to gain the privileges postgres user ID .
The PostgreSQL package is not installed by default.
A temporary fix is not known.
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command 'rpm -Fhv file.rpm' to apply
the update." );
script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/2002_038_postgresql.html" );
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/25");
script_cvs_date("$Date: 2016/12/27 20:14:32 $");
script_end_attributes();
summary["english"] = "Check for the version of the postgresql package";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.");
family["english"] = "SuSE Local Security Checks";
script_family(english:family["english"]);
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/SuSE/rpm-list");
exit(0);
}
include("rpm.inc");
if ( rpm_check( reference:"postgresql-libs-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-contrib-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-devel-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-docs-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-jdbc-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-odbc-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-perl-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-python-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-server-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-tcl-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-test-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-tk-7.1.3-116", release:"SUSE7.3") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-libs-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-contrib-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-devel-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-docs-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-jdbc-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-odbc-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-perl-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-python-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-server-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-tcl-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-test-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if ( rpm_check( reference:"postgresql-tk-7.2-103", release:"SUSE8.0") )
{
security_warning(0);
exit(0);
}
if (rpm_exists(rpm:"postgresql-", release:"SUSE7.3")
|| rpm_exists(rpm:"postgresql-", release:"SUSE8.0") )
{
set_kb_item(name:"CVE-2002-0972", value:TRUE);
}
{"id": "SUSE_SA_2002_038.NASL", "bulletinFamily": "scanner", "title": "SUSE-SA:2002:038: postgresql", "description": "The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).\n\n\nThe PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems.\nThe buffer overflows are located in:\n* handling long datetime input\n* lpad() and rpad() function with multibyte\n* repeat() function\n* TZ and SET TIME ZONE environment variables These bugs could just be exploited by attackers who have access to the postgresql server to gain the privileges postgres user ID .\n\nThe PostgreSQL package is not installed by default.\nA temporary fix is not known.\n\nPlease download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply the update.", "published": "2004-07-25T00:00:00", "modified": "2016-12-27T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=13759", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2002-0972"], "type": "nessus", "lastseen": "2018-09-02T00:08:49", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2002-0972"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).\n\n\nThe PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems.\nThe buffer overflows are located in:\n* handling long datetime input\n* lpad() and rpad() function with multibyte\n* repeat() function\n* TZ and SET TIME ZONE environment variables These bugs could just be exploited by attackers who have access to the postgresql server to gain the privileges postgres user ID .\n\nThe PostgreSQL package is not installed by default.\nA temporary fix is not known.\n\nPlease download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply the update.", "edition": 1, "hash": "4d1f5d5d5e4dd78a07ce4cf198112c1bc3215a011aef55438dde03c33585a9be", "hashmap": [{"hash": "1e954d4018cb1d50e91823f5158aa10a", "key": "description"}, {"hash": "e43f7ad65c0f94167971eba2cab4000b", "key": "cvelist"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "40411d9286552c7b96d9d4944804345d", "key": "href"}, {"hash": "3e3dab60e3a76214aed4a502603e8636", "key": "pluginID"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "295089851b5db421f2f4d97d11160d57", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "ec8a0b670c28b1a5b3476d2282386ee7", "key": "title"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "66663704e9dd8be73768da8b89cdf6f7", "key": "published"}, {"hash": "66663704e9dd8be73768da8b89cdf6f7", "key": "modified"}, {"hash": "e200954fc492a0eff5118d58e8cfe2a5", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=13759", "id": "SUSE_SA_2002_038.NASL", "lastseen": "2016-09-26T17:26:34", "modified": "2004-07-25T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "13759", "published": "2004-07-25T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2002:038\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13759);\n script_version (\"$Revision: 1.8 $\");\n script_cve_id(\"CVE-2002-0972\");\n \n name[\"english\"] = \"SUSE-SA:2002:038: postgresql\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).\n\n\nThe PostgreSQL Object-Relational DBMS was found vulnerable to several\nsecurity related buffer overflow problems.\nThe buffer overflows are located in:\n* handling long datetime input\n* lpad() and rpad() function with multibyte\n* repeat() function\n* TZ and SET TIME ZONE environment variables\nThese bugs could just be exploited by attackers who have access to the\npostgresql server to gain the privileges postgres user ID .\n\nThe PostgreSQL package is not installed by default.\nA temporary fix is not known.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2002_038_postgresql.html\" );\n script_set_attribute(attribute:\"cvss_vector\", value: \"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the postgresql package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"postgresql-libs-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-contrib-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-devel-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-docs-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-jdbc-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-odbc-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-perl-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-python-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-server-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tcl-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-test-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tk-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-libs-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-contrib-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-devel-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-docs-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-jdbc-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-odbc-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-perl-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-python-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-server-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tcl-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-test-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tk-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"postgresql-\", release:\"SUSE7.3\")\n || rpm_exists(rpm:\"postgresql-\", release:\"SUSE8.0\") )\n{\n set_kb_item(name:\"CVE-2002-0972\", value:TRUE);\n}\n", "title": "SUSE-SA:2002:038: postgresql", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2002-0972"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).\n\n\nThe PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems.\nThe buffer overflows are located in:\n* handling long datetime input\n* lpad() and rpad() function with multibyte\n* repeat() function\n* TZ and SET TIME ZONE environment variables These bugs could just be exploited by attackers who have access to the postgresql server to gain the privileges postgres user ID .\n\nThe PostgreSQL package is not installed by default.\nA temporary fix is not known.\n\nPlease download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply the update.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c65f75b83f2ecda5023b1896159c933870bf25f5b0f05d9d23a11b77a4f60e77", "hashmap": [{"hash": "1e954d4018cb1d50e91823f5158aa10a", "key": "description"}, {"hash": "e43f7ad65c0f94167971eba2cab4000b", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "40411d9286552c7b96d9d4944804345d", "key": "href"}, {"hash": "3e3dab60e3a76214aed4a502603e8636", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4148484a60c43a283114e8ed9992234f", "key": "sourceData"}, {"hash": "b017f8fd1f68bf1ce3326a29d49bf7f3", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "ec8a0b670c28b1a5b3476d2282386ee7", "key": "title"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "66663704e9dd8be73768da8b89cdf6f7", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=13759", "id": "SUSE_SA_2002_038.NASL", "lastseen": "2016-12-28T06:14:06", "modified": "2016-12-27T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "13759", "published": "2004-07-25T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2002:038\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13759);\n script_version (\"$Revision: 1.9 $\");\n script_cve_id(\"CVE-2002-0972\");\n \n name[\"english\"] = \"SUSE-SA:2002:038: postgresql\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).\n\n\nThe PostgreSQL Object-Relational DBMS was found vulnerable to several\nsecurity related buffer overflow problems.\nThe buffer overflows are located in:\n* handling long datetime input\n* lpad() and rpad() function with multibyte\n* repeat() function\n* TZ and SET TIME ZONE environment variables\nThese bugs could just be exploited by attackers who have access to the\npostgresql server to gain the privileges postgres user ID .\n\nThe PostgreSQL package is not installed by default.\nA temporary fix is not known.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2002_038_postgresql.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_cvs_date(\"$Date: 2016/12/27 20:14:32 $\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the postgresql package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"postgresql-libs-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-contrib-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-devel-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-docs-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-jdbc-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-odbc-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-perl-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-python-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-server-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tcl-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-test-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tk-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-libs-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-contrib-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-devel-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-docs-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-jdbc-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-odbc-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-perl-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-python-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-server-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tcl-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-test-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tk-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"postgresql-\", release:\"SUSE7.3\")\n || rpm_exists(rpm:\"postgresql-\", release:\"SUSE8.0\") )\n{\n set_kb_item(name:\"CVE-2002-0972\", value:TRUE);\n}\n", "title": "SUSE-SA:2002:038: postgresql", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2016-12-28T06:14:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2002-0972"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).\n\n\nThe PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems.\nThe buffer overflows are located in:\n* handling long datetime input\n* lpad() and rpad() function with multibyte\n* repeat() function\n* TZ and SET TIME ZONE environment variables These bugs could just be exploited by attackers who have access to the postgresql server to gain the privileges postgres user ID .\n\nThe PostgreSQL package is not installed by default.\nA temporary fix is not known.\n\nPlease download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply the update.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a524905e3d96fffc2eabd67b4d810bf52b4241a685b6fee9cc7ede3680a12538", "hashmap": [{"hash": "1e954d4018cb1d50e91823f5158aa10a", "key": "description"}, {"hash": "e43f7ad65c0f94167971eba2cab4000b", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "40411d9286552c7b96d9d4944804345d", "key": "href"}, {"hash": "3e3dab60e3a76214aed4a502603e8636", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4148484a60c43a283114e8ed9992234f", "key": "sourceData"}, {"hash": "b017f8fd1f68bf1ce3326a29d49bf7f3", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "ec8a0b670c28b1a5b3476d2282386ee7", "key": "title"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "66663704e9dd8be73768da8b89cdf6f7", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=13759", "id": "SUSE_SA_2002_038.NASL", "lastseen": "2018-08-30T19:57:14", "modified": "2016-12-27T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "13759", "published": "2004-07-25T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2002:038\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13759);\n script_version (\"$Revision: 1.9 $\");\n script_cve_id(\"CVE-2002-0972\");\n \n name[\"english\"] = \"SUSE-SA:2002:038: postgresql\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).\n\n\nThe PostgreSQL Object-Relational DBMS was found vulnerable to several\nsecurity related buffer overflow problems.\nThe buffer overflows are located in:\n* handling long datetime input\n* lpad() and rpad() function with multibyte\n* repeat() function\n* TZ and SET TIME ZONE environment variables\nThese bugs could just be exploited by attackers who have access to the\npostgresql server to gain the privileges postgres user ID .\n\nThe PostgreSQL package is not installed by default.\nA temporary fix is not known.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2002_038_postgresql.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_cvs_date(\"$Date: 2016/12/27 20:14:32 $\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the postgresql package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"postgresql-libs-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-contrib-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-devel-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-docs-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-jdbc-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-odbc-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-perl-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-python-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-server-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tcl-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-test-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tk-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-libs-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-contrib-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-devel-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-docs-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-jdbc-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-odbc-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-perl-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-python-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-server-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tcl-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-test-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tk-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"postgresql-\", release:\"SUSE7.3\")\n || rpm_exists(rpm:\"postgresql-\", release:\"SUSE8.0\") )\n{\n set_kb_item(name:\"CVE-2002-0972\", value:TRUE);\n}\n", "title": "SUSE-SA:2002:038: postgresql", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:57:14"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "e43f7ad65c0f94167971eba2cab4000b"}, {"key": "cvss", "hash": "292f2e293571b0e70e3182b615982dad"}, {"key": "description", "hash": "1e954d4018cb1d50e91823f5158aa10a"}, {"key": "href", "hash": "40411d9286552c7b96d9d4944804345d"}, {"key": "modified", "hash": "b017f8fd1f68bf1ce3326a29d49bf7f3"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "3e3dab60e3a76214aed4a502603e8636"}, {"key": "published", "hash": "66663704e9dd8be73768da8b89cdf6f7"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "4148484a60c43a283114e8ed9992234f"}, {"key": "title", "hash": "ec8a0b670c28b1a5b3476d2282386ee7"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c65f75b83f2ecda5023b1896159c933870bf25f5b0f05d9d23a11b77a4f60e77", "viewCount": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2002:038\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(13759);\n script_version (\"$Revision: 1.9 $\");\n script_cve_id(\"CVE-2002-0972\");\n \n name[\"english\"] = \"SUSE-SA:2002:038: postgresql\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2002:038 (postgresql).\n\n\nThe PostgreSQL Object-Relational DBMS was found vulnerable to several\nsecurity related buffer overflow problems.\nThe buffer overflows are located in:\n* handling long datetime input\n* lpad() and rpad() function with multibyte\n* repeat() function\n* TZ and SET TIME ZONE environment variables\nThese bugs could just be exploited by attackers who have access to the\npostgresql server to gain the privileges postgres user ID .\n\nThe PostgreSQL package is not installed by default.\nA temporary fix is not known.\n\nPlease download the update package for your distribution and verify its\nintegrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply\nthe update.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2002_038_postgresql.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/25\");\n script_cvs_date(\"$Date: 2016/12/27 20:14:32 $\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the postgresql package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"postgresql-libs-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-contrib-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-devel-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-docs-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-jdbc-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-odbc-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-perl-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-python-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-server-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tcl-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-test-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tk-7.1.3-116\", release:\"SUSE7.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-libs-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-contrib-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-devel-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-docs-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-jdbc-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-odbc-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-perl-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-python-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-server-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tcl-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-test-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"postgresql-tk-7.2-103\", release:\"SUSE8.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"postgresql-\", release:\"SUSE7.3\")\n || rpm_exists(rpm:\"postgresql-\", release:\"SUSE8.0\") )\n{\n set_kb_item(name:\"CVE-2002-0972\", value:TRUE);\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "13759", "cpe": []}
{"cve": [{"lastseen": "2017-04-18T15:49:45", "references": ["http://marc.info/?l=bugtraq&m=102987608300785&w=2", "http://www.redhat.com/support/errata/RHSA-2003-001.html"], "description": "Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad.", "edition": 2, "reporter": "NVD", "published": "2002-09-24T00:00:00", "title": "CVE-2002-0972", "type": "cve", "enchantments": {"score": {"modified": "2017-04-18T15:49:45", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2002-0972"], "scanner": [], "modified": "2016-10-17T22:23:07", "cpe": ["cpe:/a:postgresql:postgresql:7.2.1", "cpe:/a:postgresql:postgresql:7.1.2", "cpe:/a:postgresql:postgresql:7.1.1", "cpe:/a:postgresql:postgresql:6.5.3", "cpe:/a:postgresql:postgresql:7.1", "cpe:/a:postgresql:postgresql:6.3.2", "cpe:/a:postgresql:postgresql:7.2"], "id": "CVE-2002-0972", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0972", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:04", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-08/0205.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-08/0258.html\nISS X-Force ID: 9927\n[CVE-2002-0972](https://vulners.com/cve/CVE-2002-0972)\nBugtraq ID: 5528\n", "reporter": "OSVDB", "published": "2002-08-20T00:00:00", "title": "PostgreSQL Multiple Function Long Argument Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2002-0972"], "modified": "2002-08-20T00:00:00", "id": "OSVDB:9503", "href": "https://vulners.com/osvdb/OSVDB:9503", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:50", "references": [], "pluginID": "53421", "description": "The remote host is missing an update to postgresql\nannounced via advisory DSA 165-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 165-1 (postgresql)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-0972"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53421", "id": "OPENVAS:53421", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_165_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 165-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mordred Labs and others found several vulnerabilities in PostgreSQL,\nan object-relational SQL database. They are inherited from several\nbuffer overflows and integer overflows. Specially crafted long date\nand time input, currency, repeat data and long timezone names could\ncause the PostgreSQL server to crash as well as specially crafted\ninput data for lpad() and rpad(). More buffer/integer overflows were\nfound in circle_poly(), path_encode() and path_addr().\n\nExcept for the last three, these problems are fixed in the upstream\nrelease 7.2.2 of PostgreSQL which is the recommended version to use.\n\nMost of these problems do not exist in the version of PostgreSQL that\nDebian ships in the potato release since the corresponding\nfunctionality is not yet implemented. However, PostgreSQL 6.5.3 is\nquite old and may bear more risks than we are aware of, which may\ninclude further buffer overflows, and certainly include bugs that\nthreaten the integrity of your data.\n\nYou are strongly advised not to use this release but to upgrade your\nsystem to Debian 3.0 (stable) including PostgreSQL release 7.2.1\ninstead, where many bugs have been fixed and new features introduced\nto increase compatibility with the SQL standards.\n\nIf you consider an upgrade, please make sure to dump the entire\ndatabase system using the pg_dumpall utility. Please take into\nconsideration that the newer PostgreSQL is more strict in its input\nhandling. This means that tests line foo = NULL which are not valid\nwon't be accepted anymore. It also means that when using UNICODE\nencoding, ISO 8859-1 and ISO 8859-15 are no longer valid incoding to\nuse when inserting data into the relation. In such a case you are\nadvised to convert the dump in question using recode latin1..utf-16.\n\nThese problems have been fixed in version 7.2.1-2woody2 for the\ncurrent stable distribution (woody) and in version 7.2.2-2 for the\nunstable distribution (sid). The old stable distribution (potato) is\npartially affected and we ship a fixed version 6.5.3-27.2 for it.\n\nWe recommend that you upgrade your PostgreSQL packages.\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory DSA 165-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20165-1\";\n\nif(description)\n{\n script_id(53421);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0972\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 165-1 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"6.5.3-27.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"6.5.3-27.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"6.5.3-27.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"6.5.3-27.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-dev\", ver:\"6.5.3-27.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"7.2.1-2woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"7.2.1-2woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"7.2.1-2woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"7.2.1-2woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-dev\", ver:\"7.2.1-2woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:28:41", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "1.4.14-319", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.14-319.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "1.4.12-72", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.12-72.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "1.4.12-57", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.12-57.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "1.4.12-30", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.12-30.sparc.rpm", "arch": "sparc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "1.4.14-321", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.14-321.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "1.4.11-88", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.11-88.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.2", "packageVersion": "1.4.11-89", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.11-89.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "1.4.11-30", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.11-30.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "1.4.11-26", "packageName": "syslog-ng", "packageFilename": "syslog-ng-1.4.11-26.alpha.rpm", "arch": "alpha", "operator": "lt"}], "description": "The syslog-ng package is a portable syslog implementation which can be used as syslogd replacement. Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote attackers if certain configuration options were enabled. Syslog-ng is not used by default on SuSE Linux, and even if installed, the problematic options are not enabled by default. We recommend an update of the syslog-ng package nevertheless if you use syslog-ng for logging. To be sure the update takes effect you have to restart the daemon by issuing the following command as root:", "edition": 1, "reporter": "Suse", "published": "2002-10-31T10:25:06", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "remote command execution in syslog-ng", "bulletinFamily": "unix", "cvelist": ["CVE-2002-0972", "CVE-2002-0839", "CVE-2002-1200"], "modified": "2002-10-31T10:25:06", "id": "SUSE-SA:2002:039", "href": "http://lists.opensuse.org/opensuse-security-announce/2002-10/msg00012.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:36", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql", "packageFilename": "postgresql-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql", "packageFilename": "postgresql-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-lib", "packageFilename": "postgresql-lib-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-odbc", "packageFilename": "postgresql-odbc-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-tk", "packageFilename": "postgresql-tk-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-perl", "packageFilename": "postgresql-perl-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql", "packageFilename": "postgresql-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-odbc", "packageFilename": "postgresql-odbc-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-odbc", "packageFilename": "postgresql-odbc-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-odbc", "packageFilename": "postgresql-odbc-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-perl", "packageFilename": "postgresql-perl-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-perl", "packageFilename": "postgresql-perl-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-perl", "packageFilename": "postgresql-perl-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-tk", "packageFilename": "postgresql-tk-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql", "packageFilename": "postgresql-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-tk", "packageFilename": "postgresql-tk-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-95", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.1.3-95.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.1", "packageVersion": "7.0.3-23", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.0.3-23.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "7.3", "packageVersion": "7.1.3-116", "packageName": "postgresql-tk", "packageFilename": "postgresql-tk-7.1.3-116.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "7.2-103", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.2-103.i386.rpm", "arch": "i386", "operator": "lt"}], "description": "The PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems. The buffer overflows are located in: * handling long datetime input * lpad() and rpad() function with multibyte * repeat() function * TZ and SET TIME ZONE environment variables These bugs could just be exploited by attackers who have access to the postgresql server to gain the privileges postgres user ID .", "edition": 1, "reporter": "Suse", "published": "2002-10-21T15:54:39", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "remote privilege escalation in postgresql", "bulletinFamily": "unix", "cvelist": ["CVE-2002-1398", "CVE-2002-1402", "CVE-2002-0972", "CVE-2002-1400"], "modified": "2002-10-21T15:54:39", "id": "SUSE-SA:2002:038", "href": "http://lists.opensuse.org/opensuse-security-announce/2002-10/msg00010.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:27:59", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_arm.deb", "packageName": "odbc-postgresql", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_m68k.deb", "packageName": "postgresql", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "pgaccess_6.5.3-27.2_alpha.deb", "packageName": "pgaccess", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_mips.deb", "packageName": "pgaccess", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_s390.deb", "packageName": "postgresql-contrib", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_ia64.deb", "packageName": "postgresql", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_i386.deb", "packageName": "postgresql-client", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgperl_6.5.3-27.2_i386.deb", "packageName": "libpgperl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "odbc-postgresql_6.5.3-27.2_arm.deb", "packageName": "odbc-postgresql", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_arm.deb", "packageName": "postgresql-client", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_mips.deb", "packageName": "postgresql", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_powerpc.deb", "packageName": "libpgperl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_arm.deb", "packageName": "postgresql", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "pgaccess_6.5.3-27.2_m68k.deb", "packageName": "pgaccess", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-dev_6.5.3-27.2_powerpc.deb", "packageName": "postgresql-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_sparc.deb", "packageName": "libpgsql2", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_sparc.deb", "packageName": "odbc-postgresql", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_sparc.deb", "packageName": "python-pygresql", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_m68k.deb", "packageName": "pgaccess", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_alpha.deb", "packageName": "postgresql-client", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-test_6.5.3-27.2_alpha.deb", "packageName": "postgresql-test", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_mipsel.deb", "packageName": "libecpg3", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-test_6.5.3-27.2_arm.deb", "packageName": "postgresql-test", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_powerpc.deb", "packageName": "libpgsql2", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-test_6.5.3-27.2_powerpc.deb", "packageName": "postgresql-test", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "python-pygresql_6.5.3-27.2_powerpc.deb", "packageName": "python-pygresql", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-test_6.5.3-27.2_m68k.deb", "packageName": "postgresql-test", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_s390.deb", "packageName": "pgaccess", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_i386.deb", "packageName": "libpgperl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgsql2_6.5.3-27.2_alpha.deb", "packageName": "libpgsql2", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_s390.deb", "packageName": "libpgsql2", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_mipsel.deb", "packageName": "libpgsql2", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_powerpc.deb", "packageName": "postgresql-contrib", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_i386.deb", "packageName": "libpgsql2", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_mipsel.deb", "packageName": "python-pygresql", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_hppa.deb", "packageName": "postgresql", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_mips.deb", "packageName": "libpgperl", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_sparc.deb", "packageName": "libecpg3", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_ia64.deb", "packageName": "postgresql-contrib", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "ecpg_6.5.3-27.2_m68k.deb", "packageName": "ecpg", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-pl_6.5.3-27.2_sparc.deb", "packageName": "postgresql-pl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_sparc.deb", "packageName": "postgresql-client", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgtcl_6.5.3-27.2_powerpc.deb", "packageName": "libpgtcl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-contrib_6.5.3-27.2_m68k.deb", "packageName": "postgresql-contrib", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_m68k.deb", "packageName": "odbc-postgresql", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_powerpc.deb", "packageName": "courier-authpostgresql", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-pl_6.5.3-27.2_m68k.deb", "packageName": "postgresql-pl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_mipsel.deb", "packageName": "postgresql-client", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgsql2_6.5.3-27.2_i386.deb", "packageName": "libpgsql2", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_mips.deb", "packageName": "odbc-postgresql", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_mipsel.deb", "packageName": "postgresql", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_alpha.deb", "packageName": "courier-authpostgresql", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql_6.5.3-27.2_m68k.deb", "packageName": "postgresql", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_hppa.deb", "packageName": "libpgperl", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_arm.deb", "packageName": "postgresql-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-client_6.5.3-27.2_arm.deb", "packageName": "postgresql-client", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "pgaccess_6.5.3-27.2_i386.deb", "packageName": "pgaccess", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgtcl_6.5.3-27.2_m68k.deb", "packageName": "libpgtcl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "python-pygresql_6.5.3-27.2_arm.deb", "packageName": "python-pygresql", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_i386.deb", "packageName": "odbc-postgresql", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "python-pygresql_6.5.3-27.2_sparc.deb", "packageName": "python-pygresql", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgsql2_6.5.3-27.2_sparc.deb", "packageName": "libpgsql2", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgperl_6.5.3-27.2_sparc.deb", "packageName": "libpgperl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_m68k.deb", "packageName": "postgresql-contrib", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_arm.deb", "packageName": "postgresql-contrib", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-dev_6.5.3-27.2_alpha.deb", "packageName": "postgresql-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_arm.deb", "packageName": "libpgtcl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgperl_6.5.3-27.2_alpha.deb", "packageName": "libpgperl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_ia64.deb", "packageName": "libecpg3", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "ecpg_6.5.3-27.2_sparc.deb", "packageName": "ecpg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_arm.deb", "packageName": "pgaccess", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgsql2_6.5.3-27.2_powerpc.deb", "packageName": "libpgsql2", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2.diff", "packageFilename": "postgresql_6.5.3-27.2.diff.gz", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_m68k.deb", "packageName": "courier-authpostgresql", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_alpha.deb", "packageName": "python-pygresql", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_i386.deb", "packageName": "python-pygresql", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_m68k.deb", "packageName": "python-pygresql", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_mipsel.deb", "packageName": "postgresql-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_alpha.deb", "packageName": "odbc-postgresql", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_mipsel.deb", "packageName": "postgresql-contrib", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_mips.deb", "packageName": "postgresql-client", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-contrib_6.5.3-27.2_arm.deb", "packageName": "postgresql-contrib", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql_6.5.3-27.2_powerpc.deb", "packageName": "postgresql", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-dev_6.5.3-27.2_m68k.deb", "packageName": "postgresql-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_alpha.deb", "packageName": "postgresql", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgperl_6.5.3-27.2_m68k.deb", "packageName": "libpgperl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_arm.deb", "packageName": "libpgsql2", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_arm.deb", "packageName": "python-pygresql", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_alpha.deb", "packageName": "postgresql-contrib", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql_6.5.3-27.2_arm.deb", "packageName": "postgresql", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_hppa.deb", "packageName": "python-pygresql", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_hppa.deb", "packageName": "libpgtcl", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgtcl_6.5.3-27.2_arm.deb", "packageName": "libpgtcl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql_6.5.3-27.2_i386.deb", "packageName": "postgresql", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-contrib_6.5.3-27.2_powerpc.deb", "packageName": "postgresql-contrib", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_hppa.deb", "packageName": "courier-authpostgresql", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_s390.deb", "packageName": "courier-authpostgresql", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_sparc.deb", "packageName": "postgresql", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3.orig", "packageFilename": "postgresql_6.5.3.orig.tar.gz", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-pl_6.5.3-27.2_alpha.deb", "packageName": "postgresql-pl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "odbc-postgresql_6.5.3-27.2_alpha.deb", "packageName": "odbc-postgresql", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-contrib_6.5.3-27.2_sparc.deb", "packageName": "postgresql-contrib", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "ecpg_6.5.3-27.2_arm.deb", "packageName": "ecpg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_mipsel.deb", "packageName": "libpgperl", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_hppa.deb", "packageName": "libecpg3", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgtcl_6.5.3-27.2_alpha.deb", "packageName": "libpgtcl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-client_6.5.3-27.2_powerpc.deb", "packageName": "postgresql-client", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-pl_6.5.3-27.2_i386.deb", "packageName": "postgresql-pl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_alpha.deb", "packageName": "libpgperl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "python-pygresql_6.5.3-27.2_i386.deb", "packageName": "python-pygresql", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_sparc.deb", "packageName": "libpgperl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_sparc.deb", "packageName": "pgaccess", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_powerpc.deb", "packageName": "libecpg3", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_powerpc.deb", "packageName": "pgaccess", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_hppa.deb", "packageName": "odbc-postgresql", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_m68k.deb", "packageName": "postgresql-client", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_ia64.deb", "packageName": "pgaccess", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_mipsel.deb", "packageName": "courier-authpostgresql", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_alpha.deb", "packageName": "pgaccess", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "ecpg_6.5.3-27.2_powerpc.deb", "packageName": "ecpg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-contrib_6.5.3-27.2_alpha.deb", "packageName": "postgresql-contrib", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-contrib_6.5.3-27.2_i386.deb", "packageName": "postgresql-contrib", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_arm.deb", "packageName": "libpgperl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "odbc-postgresql_6.5.3-27.2_m68k.deb", "packageName": "odbc-postgresql", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_ia64.deb", "packageName": "postgresql-client", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_sparc.deb", "packageName": "courier-authpostgresql", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_ia64.deb", "packageName": "odbc-postgresql", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_m68k.deb", "packageName": "libecpg3", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_hppa.deb", "packageName": "postgresql-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_powerpc.deb", "packageName": "python-pygresql", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_s390.deb", "packageName": "postgresql", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_m68k.deb", "packageName": "libpgsql2", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-doc_6.5.3-27.2_all.deb", "packageName": "postgresql-doc", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgperl_6.5.3-27.2_arm.deb", "packageName": "libpgperl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_mips.deb", "packageName": "libpgtcl", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_m68k.deb", "packageName": "libpgperl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql_6.5.3-27.2.dsc", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2.diff", "packageFilename": "postgresql_7.2.1-2woody2.diff.gz", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_s390.deb", "packageName": "libpgtcl", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "ecpg_6.5.3-27.2_i386.deb", "packageName": "ecpg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_i386.deb", "packageName": "postgresql-contrib", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_mips.deb", "packageName": "postgresql-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_alpha.deb", "packageName": "libpgtcl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_powerpc.deb", "packageName": "libpgtcl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_mips.deb", "packageName": "python-pygresql", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_alpha.deb", "packageName": "libecpg3", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_s390.deb", "packageName": "postgresql-client", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_powerpc.deb", "packageName": "postgresql-client", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_s390.deb", "packageName": "python-pygresql", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_ia64.deb", "packageName": "postgresql-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1.orig", "packageFilename": "postgresql_7.2.1.orig.tar.gz", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_i386.deb", "packageName": "courier-authpostgresql", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_mipsel.deb", "packageName": "odbc-postgresql", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "python-pygresql_6.5.3-27.2_alpha.deb", "packageName": "python-pygresql", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_alpha.deb", "packageName": "libpgsql2", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "odbc-postgresql_6.5.3-27.2_sparc.deb", "packageName": "odbc-postgresql", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_alpha.deb", "packageName": "postgresql-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_powerpc.deb", "packageName": "odbc-postgresql", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "pgaccess_6.5.3-27.2_powerpc.deb", "packageName": "pgaccess", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_powerpc.deb", "packageName": "postgresql", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "odbc-postgresql_7.2.1-2woody2_s390.deb", "packageName": "odbc-postgresql", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_sparc.deb", "packageName": "libpgtcl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-client_6.5.3-27.2_alpha.deb", "packageName": "postgresql-client", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_hppa.deb", "packageName": "postgresql-contrib", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_s390.deb", "packageName": "libpgperl", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2.dsc", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "pgaccess_6.5.3-27.2_sparc.deb", "packageName": "pgaccess", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_ia64.deb", "packageName": "libpgsql2", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-pl_6.5.3-27.2_powerpc.deb", "packageName": "postgresql-pl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-dev_6.5.3-27.2_sparc.deb", "packageName": "postgresql-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgperl_6.5.3-27.2_powerpc.deb", "packageName": "libpgperl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgsql2_6.5.3-27.2_m68k.deb", "packageName": "libpgsql2", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_arm.deb", "packageName": "courier-authpostgresql", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "odbc-postgresql_6.5.3-27.2_powerpc.deb", "packageName": "odbc-postgresql", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_sparc.deb", "packageName": "postgresql-contrib", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_i386.deb", "packageName": "libpgtcl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_ia64.deb", "packageName": "libpgtcl", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-client_6.5.3-27.2_i386.deb", "packageName": "postgresql-client", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_i386.deb", "packageName": "pgaccess", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-pl_6.5.3-27.2_arm.deb", "packageName": "postgresql-pl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-client_6.5.3-27.2_sparc.deb", "packageName": "postgresql-client", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "pgaccess_6.5.3-27.2_arm.deb", "packageName": "pgaccess", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_i386.deb", "packageName": "libecpg3", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_mipsel.deb", "packageName": "pgaccess", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-contrib_7.2.1-2woody2_mips.deb", "packageName": "postgresql-contrib", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_s390.deb", "packageName": "postgresql-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_i386.deb", "packageName": "postgresql-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "pgaccess_7.2.1-2woody2_hppa.deb", "packageName": "pgaccess", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_mips.deb", "packageName": "courier-authpostgresql", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-client_6.5.3-27.2_m68k.deb", "packageName": "postgresql-client", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-test_6.5.3-27.2_i386.deb", "packageName": "postgresql-test", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_m68k.deb", "packageName": "postgresql-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_mips.deb", "packageName": "libecpg3", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-dev_6.5.3-27.2_arm.deb", "packageName": "postgresql-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgperl_7.2.1-2woody2_ia64.deb", "packageName": "libpgperl", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgsql2_6.5.3-27.2_arm.deb", "packageName": "libpgsql2", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgtcl_6.5.3-27.2_i386.deb", "packageName": "libpgtcl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_powerpc.deb", "packageName": "postgresql-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_mips.deb", "packageName": "libpgsql2", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "python-pygresql_6.5.3-27.2_m68k.deb", "packageName": "python-pygresql", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_s390.deb", "packageName": "libecpg3", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "python-pygresql_7.2.1-2woody2_ia64.deb", "packageName": "python-pygresql", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql_7.2.1-2woody2_i386.deb", "packageName": "postgresql", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-test_6.5.3-27.2_sparc.deb", "packageName": "postgresql-test", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql_6.5.3-27.2_alpha.deb", "packageName": "postgresql", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_mipsel.deb", "packageName": "libpgtcl", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgsql2_7.2.1-2woody2_hppa.deb", "packageName": "libpgsql2", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libecpg3_7.2.1-2woody2_arm.deb", "packageName": "libecpg3", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql_6.5.3-27.2_sparc.deb", "packageName": "postgresql", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-dev_7.2.1-2woody2_sparc.deb", "packageName": "postgresql-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "ecpg_6.5.3-27.2_alpha.deb", "packageName": "ecpg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "odbc-postgresql_6.5.3-27.2_i386.deb", "packageName": "odbc-postgresql", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-client_7.2.1-2woody2_hppa.deb", "packageName": "postgresql-client", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "libpgtcl_6.5.3-27.2_sparc.deb", "packageName": "libpgtcl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "0.37.3-3.1", "packageFilename": "courier-authpostgresql_0.37.3-3.1_ia64.deb", "packageName": "courier-authpostgresql", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "libpgtcl_7.2.1-2woody2_m68k.deb", "packageName": "libpgtcl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "6.5.3-27.2", "packageFilename": "postgresql-dev_6.5.3-27.2_i386.deb", "packageName": "postgresql-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "7.2.1-2woody2", "packageFilename": "postgresql-doc_7.2.1-2woody2_all.deb", "packageName": "postgresql-doc", "arch": "all", "operator": "lt"}], "description": "Mordred Labs and others found several vulnerabilities in PostgreSQL, an object-relational SQL database. They are inherited from several buffer overflows and integer overflows. Specially crafted long date and time input, currency, repeat data and long timezone names could cause the PostgreSQL server to crash as well as specially crafted input data for lpad() and rpad(). More buffer/integer overflows were found in circle_poly(), path_encode() and path_addr().\n\nExcept for the last three, these problems are fixed in the upstream release 7.2.2 of PostgreSQL which is the recommended version to use.\n\nMost of these problems do not exist in the version of PostgreSQL that Debian ships in the potato release since the corresponding functionality is not yet implemented. However, PostgreSQL 6.5.3 is quite old and may bear more risks than we are aware of, which may include further buffer overflows, and certainly include bugs that threaten the integrity of your data.\n\nYou are strongly advised not to use this release but to upgrade your system to Debian 3.0 (stable) including PostgreSQL release 7.2.1 instead, where many bugs have been fixed and new features introduced to increase compatibility with the SQL standards.\n\nIf you consider an upgrade, please make sure to dump the entire database system using the pg_dumpall utility. Please take into consideration that the newer PostgreSQL is more strict in its input handling. This means that tests like \"foo = NULL\" which are not valid won't be accepted anymore. It also means that when using UNICODE encoding, ISO 8859-1 and ISO 8859-15 are no longer valid encodings to use when inserting data into the relation. In such a case you are advised to convert the dump in question using recode latin1..utf-16.\n\nThese problems have been fixed in version 7.2.1-2woody2 for the current stable distribution (woody) and in version 7.2.2-2 for the unstable distribution (sid). The old stable distribution (potato) is partially affected and we ship a fixed version 6.5.3-27.2 for it.\n\nWe recommend that you upgrade your PostgreSQL packages.", "edition": 1, "reporter": "Debian", "published": "2002-09-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "postgresql -- buffer overflows", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2002-1398", "CVE-2002-1401", "CVE-2002-1402", "CVE-2002-0972", "CVE-2002-1400"], "modified": "2002-09-12T00:00:00", "id": "DSA-165", "href": "http://www.debian.org/security/dsa-165", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:54:45", "references": ["http://www.debian.org/security/2002/dsa-165"], "pluginID": "15002", "description": "Mordred Labs and others found several vulnerabilities in PostgreSQL, an object-relational SQL database. They are inherited from several buffer overflows and integer overflows. Specially crafted long date and time input, currency, repeat data and long timezone names could cause the PostgreSQL server to crash as well as specially crafted input data for lpad() and rpad(). More buffer/integer overflows were found in circle_poly(), path_encode() and path_addr().\n\nExcept for the last three, these problems are fixed in the upstream release 7.2.2 of PostgreSQL which is the recommended version to use.\n\nMost of these problems do not exist in the version of PostgreSQL that Debian ships in the potato release since the corresponding functionality is not yet implemented. However, PostgreSQL 6.5.3 is quite old and may bear more risks than we are aware of, which may include further buffer overflows, and certainly include bugs that threaten the integrity of your data.\n\nYou are strongly advised not to use this release but to upgrade your system to Debian 3.0 (stable) including PostgreSQL release 7.2.1 instead, where many bugs have been fixed and new features introduced to increase compatibility with the SQL standards.\n\nIf you consider an upgrade, please make sure to dump the entire database system using the pg_dumpall utility. Please take into consideration that the newer PostgreSQL is more strict in its input handling. This means that tests like 'foo = NULL' which are not valid won't be accepted anymore. It also means that when using UNICODE encoding, ISO 8859-1 and ISO 8859-15 are no longer valid encodings to use when inserting data into the relation. In such a case you are advised to convert the dump in question usingrecode latin1..utf-16.\n\nThese problems have been fixed in version 7.2.1-2woody2 for the current stable distribution (woody) and in version 7.2.2-2 for the unstable distribution (sid). The old stable distribution (potato) is partially affected and we ship a fixed version 6.5.3-27.2 for it.", "edition": 6, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-165-1 : postgresql - buffer overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1398", "CVE-2002-1401", "CVE-2002-1402", "CVE-2002-0972", "CVE-2002-1397", "CVE-2002-1400"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:postgresql"], "id": "DEBIAN_DSA-165.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15002", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-165. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15002);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2002-0972\", \"CVE-2002-1397\", \"CVE-2002-1398\", \"CVE-2002-1400\", \"CVE-2002-1401\", \"CVE-2002-1402\");\n script_xref(name:\"DSA\", value:\"165\");\n\n script_name(english:\"Debian DSA-165-1 : postgresql - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mordred Labs and others found several vulnerabilities in PostgreSQL,\nan object-relational SQL database. They are inherited from several\nbuffer overflows and integer overflows. Specially crafted long date\nand time input, currency, repeat data and long timezone names could\ncause the PostgreSQL server to crash as well as specially crafted\ninput data for lpad() and rpad(). More buffer/integer overflows were\nfound in circle_poly(), path_encode() and path_addr().\n\nExcept for the last three, these problems are fixed in the upstream\nrelease 7.2.2 of PostgreSQL which is the recommended version to use.\n\nMost of these problems do not exist in the version of PostgreSQL that\nDebian ships in the potato release since the corresponding\nfunctionality is not yet implemented. However, PostgreSQL 6.5.3 is\nquite old and may bear more risks than we are aware of, which may\ninclude further buffer overflows, and certainly include bugs that\nthreaten the integrity of your data.\n\nYou are strongly advised not to use this release but to upgrade your\nsystem to Debian 3.0 (stable) including PostgreSQL release 7.2.1\ninstead, where many bugs have been fixed and new features introduced\nto increase compatibility with the SQL standards.\n\nIf you consider an upgrade, please make sure to dump the entire\ndatabase system using the pg_dumpall utility. Please take into\nconsideration that the newer PostgreSQL is more strict in its input\nhandling. This means that tests like 'foo = NULL' which are not valid\nwon't be accepted anymore. It also means that when using UNICODE\nencoding, ISO 8859-1 and ISO 8859-15 are no longer valid encodings to\nuse when inserting data into the relation. In such a case you are\nadvised to convert the dump in question usingrecode latin1..utf-16.\n\nThese problems have been fixed in version 7.2.1-2woody2 for the\ncurrent stable distribution (woody) and in version 7.2.2-2 for the\nunstable distribution (sid). The old stable distribution (potato) is\npartially affected and we ship a fixed version 6.5.3-27.2 for it.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-165\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the PostgreSQL packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/08/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"ecpg\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"libpgperl\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"libpgsql2\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"libpgtcl\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"odbc-postgresql\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"pgaccess\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"postgresql\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"postgresql-client\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"postgresql-contrib\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"postgresql-dev\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"postgresql-doc\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"postgresql-pl\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"postgresql-test\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"python-pygresql\", reference:\"6.5.3-27.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"courier-authpostgresql\", reference:\"0.37.3-3.1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libecpg3\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpgperl\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpgsql2\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpgtcl\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"odbc-postgresql\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"pgaccess\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"postgresql\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"postgresql-client\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"postgresql-contrib\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"postgresql-dev\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"postgresql-doc\", reference:\"7.2.1-2woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"python-pygresql\", reference:\"7.2.1-2woody2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:57", "references": ["http://online.securityfocus.com/archive/1/288334", "http://online.securityfocus.com/archive/1/288036", "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php", "http://online.securityfocus.com/archive/1/288305"], "pluginID": "13963", "description": "Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone.\n\nFinally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions.\n\nIn order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user.\n\nPrior to upgrading, users should dump their database and retain it as backup. You can dump the database by using :\n\n$ pg_dumpall > db.out\n\nIf you need to restore from the backup, you can do so by using :\n\n$ psql -f db.out template1\n\nUpdate :\n\nThe previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code.", "edition": 5, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : postgresql (MDKSA-2002:062-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1398", "CVE-2002-1401", "CVE-2002-1402", "CVE-2002-0972", "CVE-2002-1397", "CVE-2002-1400"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:7.2", "p-cpe:/a:mandriva:linux:postgresql-tcl", "p-cpe:/a:mandriva:linux:postgresql", "p-cpe:/a:mandriva:linux:libpgtcl2", "p-cpe:/a:mandriva:linux:postgresql-devel", "p-cpe:/a:mandriva:linux:libpgsql2", "p-cpe:/a:mandriva:linux:postgresql-docs", "cpe:/o:mandrakesoft:mandrake_linux:8.2", "p-cpe:/a:mandriva:linux:postgresql-test", "p-cpe:/a:mandriva:linux:postgresql-perl", "cpe:/o:mandrakesoft:mandrake_linux:8.0", "p-cpe:/a:mandriva:linux:postgresql-plperl", "p-cpe:/a:mandriva:linux:postgresql-odbc", "p-cpe:/a:mandriva:linux:postgresql-libs", "p-cpe:/a:mandriva:linux:postgresql-python", "p-cpe:/a:mandriva:linux:libpgsqlodbc0", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "p-cpe:/a:mandriva:linux:libecpg3", "p-cpe:/a:mandriva:linux:postgresql-contrib", "cpe:/o:mandrakesoft:mandrake_linux:8.1", "p-cpe:/a:mandriva:linux:postgresql-jdbc", "p-cpe:/a:mandriva:linux:postgresql-tk", "p-cpe:/a:mandriva:linux:postgresql-server", "p-cpe:/a:mandriva:linux:libpgperl"], "id": "MANDRAKE_MDKSA-2002-062.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=13963", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2002:062. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13963);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/07/19 20:59:12\");\n\n script_cve_id(\"CVE-2002-0972\", \"CVE-2002-1397\", \"CVE-2002-1398\", \"CVE-2002-1400\", \"CVE-2002-1401\", \"CVE-2002-1402\");\n script_xref(name:\"MDKSA\", value:\"2002:062-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : postgresql (MDKSA-2002:062-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerabilities were discovered in the Postgresql relational database\nby Mordred Labs. These vulnerabilities are buffer overflows in the\nrpad(), lpad(), repeat(), and cash_words() functions. The Postgresql\ndevelopers also fixed a buffer overflow in functions that deal with\ntime/date and timezone.\n\nFinally, more buffer overflows were discovered by Mordred Labs in the\n7.2.2 release that are currently only fixed in CVS. These buffer\noverflows exist in the circle_poly(), path_encode(), and path_addr()\nfunctions.\n\nIn order for these vulnerabilities to be exploited, an attacker must\nbe able to query the server somehow. However, this cannot directly\nlead to root privilege because the server runs as the postgresql user.\n\nPrior to upgrading, users should dump their database and retain it as\nbackup. You can dump the database by using :\n\n$ pg_dumpall > db.out\n\nIf you need to restore from the backup, you can do so by using :\n\n$ psql -f db.out template1\n\nUpdate :\n\nThe previous update missed a few small fixes, including a buffer\noverflow in the cash_words() function that allows local users to cause\na DoS and possibly execute arbitrary code via a malformed argument in\nPostgresql 7.2 and earlier. As well, buffer overflows in the TZ and\nSET TIME ZONE environment variables for Postgresql 7.2.1 and earlier\ncan allow local users to cause a DoS and possibly execute arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://online.securityfocus.com/archive/1/288036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://online.securityfocus.com/archive/1/288305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://online.securityfocus.com/archive/1/288334\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpgperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpgsql2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpgsqlodbc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpgtcl2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-devel-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-jdbc-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-odbc-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-perl-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-python-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-server-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-tcl-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-test-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"postgresql-tk-7.0.2-6.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-devel-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-jdbc-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-odbc-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-perl-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-python-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-server-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-tcl-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-test-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"postgresql-tk-7.0.3-12.3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-contrib-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-devel-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-docs-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-jdbc-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-libs-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-odbc-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-perl-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-plperl-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-python-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-server-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-tcl-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-test-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"postgresql-tk-7.1.2-19.3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libecpg3-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libpgperl-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libpgsql2-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libpgsqlodbc0-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libpgtcl2-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-contrib-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-devel-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-docs-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-jdbc-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-python-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-server-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-tcl-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-test-7.2-12.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"postgresql-tk-7.2-12.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libecpg3-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libpgperl-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libpgsql2-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libpgsqlodbc0-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libpgtcl2-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-contrib-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-devel-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-docs-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-jdbc-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-python-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-server-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-tcl-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-test-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"postgresql-tk-7.2.2-1.2mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:57", "references": ["http://online.securityfocus.com/archive/1/288334", "http://marc.info/?l=postgresql-general&m=102995302604086", "https://www.redhat.com/security/data/cve/CVE-2002-1402.html", "https://www.redhat.com/security/data/cve/CVE-2002-1401.html", "http://marc.info/?l=bugtraq&m=102987306029821", "http://online.securityfocus.com/archive/1/288036", "http://lwn.net/Articles/8445/", "https://www.redhat.com/security/data/cve/CVE-2002-1397.html", "http://rhn.redhat.com/errata/RHSA-2002-301.html", "http://marc.info/?l=postgresql-announce&m=103062536330644", "http://online.securityfocus.com/archive/1/288305", "http://marc.info/?l=bugtraq&m=102978152712430", "https://www.redhat.com/security/data/cve/CVE-2002-1398.html", "https://www.redhat.com/security/data/cve/CVE-2002-0972.html", "https://www.redhat.com/security/data/cve/CVE-2002-1400.html"], "pluginID": "12343", "description": "Updated PostgreSQL packages are available which correct several minor security vulnerabilities.\n\n[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1\n\nPostgreSQL is an advanced Object-Relational database management system (DBMS). Red Hat Linux Advanced Server 2.1 shipped with PostgreSQL version 7.1.3 which has several security vulnerabilities.\n\nBuffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the lpad or rpad functions. CVE-2002-0972\n\nBuffer overflow in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a malformed argument. CVE-2002-1397\n\nBuffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, referred to as a vulnerability 'in handling long datetime input.' CVE-2002-1398\n\nHeap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string. CVE-2002-1400\n\nBuffer overflows in circle_poly, path_encode, and path_add allow attackers to cause a denial of service and possibly execute arbitrary code. Note that these issues have been fixed in our packages and in PostgreSQL CVS, but are not included in PostgreSQL version 7.2.2 or 7.2.3. CVE-2002-1401\n\nBuffer overflows in the TZ and SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. CVE-2002-1402\n\nNote that these vulnerabilities are only critical on open or shared systems because connecting to the database is required before the vulnerabilities can be exploited.\n\nThe PostgreSQL Global Development Team has released versions of PostgreSQL that fix these vulnerabilities, and these fixes have been isolated and backported into the updated 7.1.3 packages provided with this errata. All users of Red Hat Linux Advanced Server 2.1 who use PostgreSQL are advised to install these updated packages.", "edition": 5, "reporter": "Tenable", "published": "2004-07-06T00:00:00", "title": "RHEL 2.1 : postgresql (RHSA-2002:301)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2002-1398", "CVE-2002-1401", "CVE-2002-1402", "CVE-2002-0972", "CVE-2002-1397", "CVE-2002-1400"], "modified": "2016-12-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-tk", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-odbc", "p-cpe:/a:redhat:enterprise_linux:postgresql-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-python", "p-cpe:/a:redhat:enterprise_linux:postgresql-perl", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs"], "id": "REDHAT-RHSA-2002-301.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2002:301. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12343);\n script_version (\"$Revision: 1.20 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:44:42 $\");\n\n script_cve_id(\"CVE-2002-0972\", \"CVE-2002-1397\", \"CVE-2002-1398\", \"CVE-2002-1400\", \"CVE-2002-1401\", \"CVE-2002-1402\");\n script_xref(name:\"RHSA\", value:\"2002:301\");\n\n script_name(english:\"RHEL 2.1 : postgresql (RHSA-2002:301)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated PostgreSQL packages are available which correct several minor\nsecurity vulnerabilities.\n\n[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation\n2.1\n\nPostgreSQL is an advanced Object-Relational database management system\n(DBMS). Red Hat Linux Advanced Server 2.1 shipped with PostgreSQL\nversion 7.1.3 which has several security vulnerabilities.\n\nBuffer overflows in PostgreSQL 7.2 allow attackers to cause a denial\nof service and possibly execute arbitrary code via long arguments to\nthe lpad or rpad functions. CVE-2002-0972\n\nBuffer overflow in the cash_words() function for PostgreSQL 7.2 and\nearlier allows local users to cause a denial of service and possibly\nexecute arbitrary code via a malformed argument. CVE-2002-1397\n\nBuffer overflow in the date parser for PostgreSQL before 7.2.2 allows\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a long date string, referred to as a vulnerability 'in\nhandling long datetime input.' CVE-2002-1398\n\nHeap-based buffer overflow in the repeat() function for PostgreSQL\nbefore 7.2.2 allows attackers to execute arbitrary code by causing\nrepeat() to generate a large string. CVE-2002-1400\n\nBuffer overflows in circle_poly, path_encode, and path_add allow\nattackers to cause a denial of service and possibly execute arbitrary\ncode. Note that these issues have been fixed in our packages and in\nPostgreSQL CVS, but are not included in PostgreSQL version 7.2.2 or\n7.2.3. CVE-2002-1401\n\nBuffer overflows in the TZ and SET TIME ZONE enivronment variables for\nPostgreSQL 7.2.1 and earlier allow local users to cause a denial of\nservice and possibly execute arbitrary code. CVE-2002-1402\n\nNote that these vulnerabilities are only critical on open or shared\nsystems because connecting to the database is required before the\nvulnerabilities can be exploited.\n\nThe PostgreSQL Global Development Team has released versions of\nPostgreSQL that fix these vulnerabilities, and these fixes have been\nisolated and backported into the updated 7.1.3 packages provided with\nthis errata. All users of Red Hat Linux Advanced Server 2.1 who use\nPostgreSQL are advised to install these updated packages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-0972.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-1397.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-1398.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-1400.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-1401.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2002-1402.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lwn.net/Articles/8445/\"\n );\n # http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=postgresql-announce&m=103062536330644\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=bugtraq&m=102978152712430\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=bugtraq&m=102987306029821\"\n );\n # http://marc.theaimsgroup.com/?l=postgresql-general&m=102995302604086\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://marc.info/?l=postgresql-general&m=102995302604086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://online.securityfocus.com/archive/1/288334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://online.securityfocus.com/archive/1/288305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://online.securityfocus.com/archive/1/288036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2002-301.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2002:301\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-contrib-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-devel-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-docs-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-jdbc-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-libs-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-odbc-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-perl-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-python-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-server-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-tcl-7.1.3-4bp.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"postgresql-tk-7.1.3-4bp.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-03-28T01:01:46", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-tk-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-tk", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-tcl-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-jdbc-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-python-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-docs-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-perl-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-libs-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-perl-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-libs-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-server-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-python-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-devel-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-docs-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-jdbc-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-contrib-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-contrib-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-odbc-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-odbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-odbc-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-odbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-tcl-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-server-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "i386", "packageFilename": "postgresql-devel-7.1.3-4bp.2.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.1.3-4bp.2", "arch": "ia64", "packageFilename": "postgresql-tk-7.1.3-4bp.2.ia64.rpm", "packageName": "postgresql-tk", "operator": "lt"}], "description": "PostgreSQL is an advanced Object-Relational database management system\n(DBMS). Red Hat Linux Advanced Server 2.1 shipped with PostgreSQL version\n7.1.3 which has several security vulnerabilities. \n\nBuffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of\nservice and possibly execute arbitrary code via long arguments to the lpad\nor rpad functions. CAN-2002-0972\n\nBuffer overflow in the cash_words() function for PostgreSQL 7.2 and\nearlier allows local users to cause a denial of service and possibly\nexecute arbitrary code via a malformed argument. CAN-2002-1397\n\nBuffer overflow in the date parser for PostgreSQL before 7.2.2 allows\nattackers to cause a denial of service and possibly execute arbitrary\ncode via a long date string, referred to as a vulnerability \"in handling\nlong datetime input.\" CAN-2002-1398\n\nHeap-based buffer overflow in the repeat() function for PostgreSQL\nbefore 7.2.2 allows attackers to execute arbitrary code by causing\nrepeat() to generate a large string. CAN-2002-1400\n\nBuffer overflows in circle_poly, path_encode, and path_add allow attackers\nto cause a denial of service and possibly execute arbitrary code. Note\nthat these issues have been fixed in our packages and in PostgreSQL CVS,\nbut are not included in PostgreSQL version 7.2.2 or 7.2.3. CAN-2002-1401\n\nBuffer overflows in the TZ and SET TIME ZONE enivronment variables for\nPostgreSQL 7.2.1 and earlier allow local users to cause a denial of service\nand possibly execute arbitrary code. CAN-2002-1402\n\nNote that these vulnerabilities are only critical on open or shared systems\nbecause connecting to the database is required before the vulnerabilities\ncan be exploited.\n\nThe PostgreSQL Global Development Team has released versions of PostgreSQL\nthat fix these vulnerabilities, and these fixes have been isolated and\nbackported into the updated 7.1.3 packages provided with this errata.\nAll users of Red Hat Linux Advanced Server 2.1 who use PostgreSQL are\nadvised to install these updated packages.", "reporter": "RedHat", "published": "2003-02-06T05:00:00", "type": "redhat", "title": "(RHSA-2002:301) postgresql security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2002-0972", "CVE-2002-1397", "CVE-2002-1398", "CVE-2002-1400", "CVE-2002-1401", "CVE-2002-1402"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:27:29", "id": "RHSA-2002:301", "href": "https://access.redhat.com/errata/RHSA-2002:301", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
