Lucene search
Debian: Security Advisory (DSA-2630-1)
🗓️ 19 Feb 2013 00:00:00Reported by Copyright (C) 2013 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 14 Views
The remote host is missing an update for the Debian 'postgresql-8.4' package(s) announced via the DSA-2630-1 advisory. PostgreSQL could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service. The problem has been fixed in version 8.4.16-0squeeze1
Show more
| Reporter | Title | Published | Views | Family All 63 |
|---|---|---|---|---|
 | [SECURITY] Fedora 18 Update: postgresql-9.2.3-1.fc18 | 11 Feb 201304:53 | – | fedora |
| [SECURITY] Fedora 18 Update: postgresql-9.2.4-1.fc18 | 5 Apr 201322:59 | – | fedora |
| [SECURITY] Fedora 17 Update: postgresql-9.1.8-1.fc17 | 17 Feb 201303:30 | – | fedora |
| [SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17 | 5 Apr 201323:11 | – | fedora |
| Fedora Update for postgresql FEDORA-2013-2123 | 15 Feb 201300:00 | – | openvas |
| Ubuntu: Security Advisory (USN-1717-1) | 15 Feb 201300:00 | – | openvas |
| Debian Security Advisory DSA 2630-1 (postgresql-8.4 - programming error) | 20 Feb 201300:00 | – | openvas |
| Ubuntu Update for postgresql-9.1 USN-1717-1 | 15 Feb 201300:00 | – | openvas |
| SUSE: Security Advisory (SUSE-SU-2013:0517-1) | 9 Jun 202100:00 | – | openvas |
| PostgreSQL Denial of Service Vulnerability - Windows | 20 Mar 201300:00 | – | openvas |
10
| Source | Link |
|---|---|
| debian | www.debian.org/security/2013/DSA-2630-1 |
| security-tracker | www.security-tracker.debian.org/tracker/DSA-2630 |
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.702630");
script_cve_id("CVE-2013-0255");
script_tag(name:"creation_date", value:"2013-02-19 23:00:00 +0000 (Tue, 19 Feb 2013)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:C");
script_name("Debian: Security Advisory (DSA-2630-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB6");
script_xref(name:"Advisory-ID", value:"DSA-2630-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2013/DSA-2630-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2630");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'postgresql-8.4' package(s) announced via the DSA-2630-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service.
For the stable distribution (squeeze), this problem has been fixed in version 8.4.16-0squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 8.4.16-1.
For the unstable distribution (sid), this problem has been fixed in version 8.4.16-1.
We recommend that you upgrade your postgresql-8.4 packages.");
script_tag(name:"affected", value:"'postgresql-8.4' package(s) on Debian 6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB6") {
if(!isnull(res = isdpkgvuln(pkg:"libecpg-compat3", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libecpg-dev", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libecpg6", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpgtypes3", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpq-dev", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpq5", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-8.4", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-client", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-client-8.4", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-contrib", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-contrib-8.4", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-doc", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-doc-8.4", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-plperl-8.4", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-plpython-8.4", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-pltcl-8.4", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"postgresql-server-dev-8.4", ver:"8.4.16-0squeeze1", rls:"DEB6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo19 Feb 2013 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS26.8
EPSS0.03086