PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)
2014-07-07T00:00:00
ID OPENVAS:1361412562310804711 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2019-05-20T00:00:00
Description
PostgreSQL is installed on this host and is prone to a local privilege
escalation vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
#
# PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)
#
# Authors:
# Thanga Prakash S <tprakash@secpod.com>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# CPE identifier for PostgreSQL; the detection logic after this block passes it
# to get_app_port() and get_app_version() to look up what was found on the host.
CPE = "cpe:/a:postgresql:postgresql";
# Metadata block: executed only when `description` is set, and it ends with
# exit(0), so none of the detection logic below it runs in that mode.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.804711");
script_version("2019-05-20T11:12:48+0000");
script_cve_id("CVE-2014-0067");
script_bugtraq_id(65721);
# CVSS v2 base score and vector: local access vector (AV:L), low complexity,
# no authentication, partial confidentiality/integrity/availability impact.
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2019-05-20 11:12:48 +0000 (Mon, 20 May 2019)");
script_tag(name:"creation_date", value:"2014-07-07 15:34:21 +0530 (Mon, 07 Jul 2014)");
script_name("PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)");
script_tag(name:"summary", value:"This host is installed with PostgreSQL and is prone to local privilege
escalation vulnerability.");
# The test is a version comparison only; per the 'insight' tag the flaw sits in
# the 'make check' step, which this script does not observe on the target.
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Flaw is due to an error when creating a PostgreSQL database cluster during
'make check'.");
script_tag(name:"impact", value:"Successful exploitation may allow local attacker to gain temporary server
access and elevated privileges.");
# NOTE(review): 'affected' stops at 9.3.3 while 'solution' names 9.3.6 / 9.4.1
# as the first fixed releases, so 9.3.4 and 9.3.5 are covered by neither
# statement. Confirm the affected range against the vendor advisory linked below.
script_tag(name:"affected", value:"PostgreSQL version 9.3.3 and earlier");
script_tag(name:"solution", value:"Update to version 9.3.6, 9.4.1 or later.");
# Quality-of-detection type: the finding rests on a remotely obtained version
# string, so treat a hit as "version in range", not as confirmed exposure.
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://secunia.com/advisories/57054");
script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/91459");
script_xref(name:"URL", value:"http://wiki.postgresql.org/wiki/20140220securityrelease");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Databases");
# Scheduling prerequisites: the PostgreSQL and OS detection scripts are listed
# as dependencies, and the two mandatory keys presumably restrict this test to
# hosts where PostgreSQL was detected and the OS was identified as Windows.
script_dependencies("postgresql_detect.nasl", "os_detection.nasl");
script_require_ports("Services/postgresql", 5432);
script_mandatory_keys("PostgreSQL/installed", "Host/runs_windows");
exit(0);
}
include("misc_func.inc");
include("version_func.inc");
include("host_details.inc");
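# Detection logic: flag PostgreSQL installations whose detected version falls
# in the range this script treats as affected by CVE-2014-0067.
#
# This is a version comparison only. The flaw concerns the 'make check' step
# (see the 'insight' tag), which cannot be observed from the version string, so
# a hit means "version in range", not proof that the host is exposed.

# Look up the port recorded for the PostgreSQL CPE; without one there is
# nothing to test.
if(!pgsqlPort = get_app_port(cpe:CPE)) exit(0);

# Fetch the detected version and let only the 8.4.x and 9.0.x - 9.3.x branches
# through; an empty version or any other branch ends the test silently.
pgsqlVer = get_app_version(cpe:CPE, port:pgsqlPort);
if(!pgsqlVer || pgsqlVer !~ "^(8\.4|9\.[0-3])\."){
  exit(0);
}

# NOTE(review): the upper bound is 9.3.3, but the 'solution' tag names 9.3.6 as
# the first fixed 9.3 release, so 9.3.4 and 9.3.5 are never reported. Confirm
# the bound against the vendor advisory before relying on a clean result.
if(version_in_range(version:pgsqlVer, test_version:"8.4", test_version2:"9.3.3"))
{
  # Put the detected version and the fixed releases from the 'solution' tag
  # into the finding, so it can be triaged without re-running detection.
  report = report_fixed_ver(installed_version:pgsqlVer, fixed_version:"9.3.6/9.4.1");
  security_message(port:pgsqlPort, data:report);
  exit(0);
}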
{"id": "OPENVAS:1361412562310804711", "bulletinFamily": "scanner", "title": "PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)", "description": "This host is installed with PostgreSQL and is prone to local privilege\n escalation vulnerability.", "published": "2014-07-07T00:00:00", "modified": "2019-05-20T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804711", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["http://wiki.postgresql.org/wiki/20140220securityrelease", "http://secunia.com/advisories/57054", "http://xforce.iss.net/xforce/xfdb/91459"], "cvelist": ["CVE-2014-0067"], "type": "openvas", "lastseen": "2019-05-29T18:37:41", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-0067"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is installed with PostgreSQL and is prone to local privilege\n escalation vulnerability.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-05-21T14:46:26", "references": [{"idList": ["OPENVAS:702864", "OPENVAS:1361412562310702865", "OPENVAS:702865", "OPENVAS:1361412562310702864", "OPENVAS:1361412562310120168"], "type": "openvas"}, {"idList": ["POSTGRESQL:CVE-2014-0067"], "type": "postgresql"}, {"idList": ["CVE-2014-0067"], "type": "cve"}, {"idList": ["42D42090-9A4D-11E3-B029-08002798F6FF"], "type": "freebsd"}, {"idList": ["OPENSUSE-2014-192.NASL", "FREEBSD_PKG_42D420909A4D11E3B02908002798F6FF.NASL", "DEBIAN_DLA-19.NASL", "DEBIAN_DSA-2864.NASL", "SUSE_11_LIBECPG6-140303.NASL", "POSTGRESQL_20150205.NASL", "DEBIAN_DSA-2865.NASL", "MANDRIVA_MDVSA-2015-110.NASL", "MANDRIVA_MDVSA-2014-047.NASL", "ALA_ALAS-2015-492.NASL"], "type": "nessus"}, {"idList": ["ALAS-2015-492"], "type": "amazon"}, {"idList": ["DEBIAN:DSA-2864-1:E2CA0", "DEBIAN:DSA-2865-1:BFC29", "DEBIAN:DLA-0019-1:77DBF"], 
"type": "debian"}, {"idList": ["SECURITYVULNS:VULN:13584", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:VULN:14630"], "type": "securityvulns"}, {"idList": ["SSV:61544"], "type": "seebug"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "3f477da356fae4d3a05dfa15ff6a42d06b82fcca00b30c15ba817ced42980348", "hashmap": [{"hash": "ce8c41bd2cdb6ad722f9eef8bd905a57", "key": "title"}, {"hash": "4ac0cf9c01f937f4113ca4fdc06c2da4", "key": "description"}, {"hash": "b7158ad4a4eaacf4540bc22f86c54a85", "key": "cvelist"}, {"hash": "eaf6c837d3dbee6af2dc9097e02d7443", "key": "modified"}, {"hash": "cb4306dff845e681f3ba00a18aeaf4e9", "key": "pluginID"}, {"hash": "3de2af208f8d3b10f9b7bdea4dd56449", "key": "href"}, {"hash": "11a1571a90549b6f03cc1094e1af417d", "key": "sourceData"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "91944395e54b255f5d0a07b64645ce1c", "key": "references"}, {"hash": "729d81ab74dae7300a4e8eaf1ff82c00", "key": "published"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804711", "id": "OPENVAS:1361412562310804711", "lastseen": "2019-05-21T14:46:26", "modified": "2019-05-20T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310804711", "published": "2014-07-07T00:00:00", "references": ["http://wiki.postgresql.org/wiki/20140220securityrelease", "http://secunia.com/advisories/57054", "http://xforce.iss.net/xforce/xfdb/91459"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\n#\n# Authors:\n# Thanga 
Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804711\");\n script_version(\"2019-05-20T11:12:48+0000\");\n script_cve_id(\"CVE-2014-0067\");\n script_bugtraq_id(65721);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 11:12:48 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 15:34:21 +0530 (Mon, 07 Jul 2014)\");\n script_name(\"PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PostgreSQL and is prone to local privilege\n escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaw is due to an error when creating a PostgreSQL database cluster during\n 'make check'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may allow local 
attacker to gain temporary server\n access and elevated privileges.\");\n\n script_tag(name:\"affected\", value:\"PostgreSQL version 9.3.3 and earlier\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.3.6, 9.4.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57054\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/91459\");\n script_xref(name:\"URL\", value:\"http://wiki.postgresql.org/wiki/20140220securityrelease\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"postgresql_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/postgresql\", 5432);\n script_mandatory_keys(\"PostgreSQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!pgsqlPort = get_app_port(cpe:CPE)) exit(0);\n\npgsqlVer = get_app_version(cpe:CPE, port:pgsqlPort);\nif(!pgsqlVer || pgsqlVer !~ \"^(8\\.4|9\\.[0-3])\\.\"){\n exit(0);\n}\n\nif(version_in_range(version:pgsqlVer, test_version:\"8.4\", test_version2:\"9.3.3\"))\n{\n security_message(port:pgsqlPort);\n exit(0);\n}\n", "title": "PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)", "type": "openvas", "viewCount": 9}, "differentElements": ["cvss"], "edition": 9, "lastseen": "2019-05-21T14:46:26"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-0067"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is installed with PostgreSQL and is prone to local privilege\nescalation vulnerability.", "edition": 2, "enchantments": {"score": null}, "hash": 
"30e46fb7a00e700d00c141ab9eec84765b5c2828a3e5f364f36960442d4ddaa0", "hashmap": [{"hash": "ce8c41bd2cdb6ad722f9eef8bd905a57", "key": "title"}, {"hash": "c5bb34af05c207ad0795b24b339835fb", "key": "modified"}, {"hash": "b7158ad4a4eaacf4540bc22f86c54a85", "key": "cvelist"}, {"hash": "e5d02e3a49593d028c4460a2020a00a4", "key": "description"}, {"hash": "cb4306dff845e681f3ba00a18aeaf4e9", "key": "pluginID"}, {"hash": "3de2af208f8d3b10f9b7bdea4dd56449", "key": "href"}, {"hash": "87ef6a56382fe45ce21dfa3601d72d41", "key": "sourceData"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "91944395e54b255f5d0a07b64645ce1c", "key": "references"}, {"hash": "729d81ab74dae7300a4e8eaf1ff82c00", "key": "published"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804711", "id": "OPENVAS:1361412562310804711", "lastseen": "2017-10-25T14:32:33", "modified": "2017-10-24T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310804711", "published": "2014-07-07T00:00:00", "references": ["http://wiki.postgresql.org/wiki/20140220securityrelease", "http://secunia.com/advisories/57054", "http://xforce.iss.net/xforce/xfdb/91459"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_postgresql_priv_esc_vuln_jul14_win.nasl 7547 2017-10-24 12:02:32Z cfischer $\n#\n# PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804711\");\n script_version(\"$Revision: 7547 $\");\n script_cve_id(\"CVE-2014-0067\");\n script_bugtraq_id(65721);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 14:02:32 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 15:34:21 +0530 (Mon, 07 Jul 2014)\");\n script_name(\"PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\");\n\n tag_summary =\n\"This host is installed with PostgreSQL and is prone to local privilege\nescalation vulnerability.\";\n\n tag_vuldetect =\n\"Get the installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_insight =\n\"Flaw is due to an error when creating a PostgreSQL database cluster during\n'make check'.\";\n\n tag_impact =\n\"Successful exploitation may allow local attacker to gain temporary server\naccess and elevated privileges.\n\nImpact Level: System/Application\";\n\n tag_affected =\n\"PostgreSQL version 9.3.3 and earlier\";\n\n tag_solution =\n\"No Solution 
or patch is available as of 7th July, 2014. Information\nregarding this issue will updated once the solution details are available.\nFor updates refer to http://www.postgresql.org/download\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/57054\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/91459\");\n script_xref(name : \"URL\" , value : \"http://wiki.postgresql.org/wiki/20140220securityrelease\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"postgresql_detect.nasl\",\"os_detection.nasl\");\n script_require_ports(\"Services/postgresql\", 5432);\n script_mandatory_keys(\"PostgreSQL/installed\",\"Host/runs_windows\");\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\npgsqlPort = \"\";\npgsqlVer = \"\";\n\n## Get the default port\npgsqlPort = get_app_port(cpe:CPE);\nif(!pgsqlPort){\n pgsqlPort = 5432;\n}\n\n## Get the PostgreSQL version\npgsqlVer = get_app_version(cpe:CPE, port:pgsqlPort);\nif(isnull(pgsqlVer) || !(pgsqlVer =~ \"^((8\\.4|9\\.(0|1|2|3)))\")){\n exit(0);\n}\n\n## Check for vulnerable PostgreSQL versions\nif(version_in_range(version:pgsqlVer, test_version:\"8.4\", test_version2:\"9.3.3\"))\n{\n security_message(port:pgsqlPort);\n exit(0);\n}\n", "title": "PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)", 
"type": "openvas", "viewCount": 1}, "differentElements": ["description", "modified", "sourceData"], "edition": 2, "lastseen": "2017-10-25T14:32:33"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-0067"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is installed with PostgreSQL and is prone to local privilege\nescalation vulnerability.", "edition": 1, "enchantments": {}, "hash": "d6ad6bbca76fd44b263d4a29d7513a00aca9e9704734e726f2d1c97da1871b5a", "hashmap": [{"hash": "ce8c41bd2cdb6ad722f9eef8bd905a57", "key": "title"}, {"hash": "b7158ad4a4eaacf4540bc22f86c54a85", "key": "cvelist"}, {"hash": "e5d02e3a49593d028c4460a2020a00a4", "key": "description"}, {"hash": "9e1a9043f61d490de29fca9d4b6d70c0", "key": "modified"}, {"hash": "cb4306dff845e681f3ba00a18aeaf4e9", "key": "pluginID"}, {"hash": "3de2af208f8d3b10f9b7bdea4dd56449", "key": "href"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "6421eb2fa48b15bbc6997b901eb22ac4", "key": "sourceData"}, {"hash": "91944395e54b255f5d0a07b64645ce1c", "key": "references"}, {"hash": "729d81ab74dae7300a4e8eaf1ff82c00", "key": "published"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804711", "id": "OPENVAS:1361412562310804711", "lastseen": "2017-07-02T21:09:17", "modified": "2017-04-11T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310804711", "published": "2014-07-07T00:00:00", "references": ["http://wiki.postgresql.org/wiki/20140220securityrelease", "http://secunia.com/advisories/57054", "http://xforce.iss.net/xforce/xfdb/91459"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_postgresql_priv_esc_vuln_jul14_win.nasl 5933 2017-04-11 10:42:30Z cfi $\n#\n# PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804711\");\n script_version(\"$Revision: 5933 $\");\n script_cve_id(\"CVE-2014-0067\");\n script_bugtraq_id(65721);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 12:42:30 +0200 (Tue, 11 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 15:34:21 +0530 (Mon, 07 Jul 2014)\");\n script_name(\"PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\");\n\n tag_summary =\n\"This host is installed with PostgreSQL and is prone to local privilege\nescalation vulnerability.\";\n\n tag_vuldetect =\n\"Get the 
installed version with the help of detect NVT and check the version\nis vulnerable or not.\";\n\n tag_insight =\n\"Flaw is due to an error when creating a PostgreSQL database cluster during\n'make check'.\";\n\n tag_impact =\n\"Successful exploitation may allow local attacker to gain temporary server\naccess and elevated privileges.\n\nImpact Level: System/Application\";\n\n tag_affected =\n\"PostgreSQL version 9.3.3 and earlier\";\n\n tag_solution =\n\"No Solution or patch is available as of 7th July, 2014. Information\nregarding this issue will updated once the solution details are available.\nFor updates refer to http://www.postgresql.org/download\";\n\n\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/57054\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/91459\");\n script_xref(name : \"URL\" , value : \"http://wiki.postgresql.org/wiki/20140220securityrelease\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"postgresql_detect.nasl\",\"os_detection.nasl\");\n script_require_ports(\"Services/postgresql\", 5432);\n script_mandatory_keys(\"PostgreSQL/installed\",\"Host/runs_windows\");\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n## Variable Initialization\npgsqlPort = \"\";\npgsqlVer = \"\";\n\n## Exit if its not windows\nif(host_runs(\"Windows\") != \"yes\"){\n exit(0);\n}\n\n## Get 
the default port\npgsqlPort = get_app_port(cpe:CPE);\nif(!pgsqlPort){\n pgsqlPort = 5432;\n}\n\n## Get the PostgreSQL version\npgsqlVer = get_app_version(cpe:CPE, port:pgsqlPort);\nif(isnull(pgsqlVer) || !(pgsqlVer =~ \"^((8\\.4|9\\.(0|1|2|3)))\")){\n exit(0);\n}\n\n## Check for vulnerable PostgreSQL versions\nif(version_in_range(version:pgsqlVer, test_version:\"8.4\", test_version2:\"9.3.3\"))\n{\n security_message(port:pgsqlPort);\n exit(0);\n}\n", "title": "PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:09:17"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-0067"], "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This host is installed with PostgreSQL and is prone to local privilege\n escalation vulnerability.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "f6dbc53258c753fe745a7058115acadc94acfa4aa3f3fea53b7529480f59f744", "hashmap": [{"hash": "0b1b39053b5d3c58e63df3388fdb658e", "key": "modified"}, {"hash": "ce8c41bd2cdb6ad722f9eef8bd905a57", "key": "title"}, {"hash": "4ac0cf9c01f937f4113ca4fdc06c2da4", "key": "description"}, {"hash": "b7158ad4a4eaacf4540bc22f86c54a85", "key": "cvelist"}, {"hash": "cb4306dff845e681f3ba00a18aeaf4e9", "key": "pluginID"}, {"hash": "3de2af208f8d3b10f9b7bdea4dd56449", "key": "href"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "c3cd659ac954ddc6e11c9202a7b949b3", "key": "sourceData"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "292f2e293571b0e70e3182b615982dad", "key": "cvss"}, {"hash": "91944395e54b255f5d0a07b64645ce1c", "key": "references"}, {"hash": 
"729d81ab74dae7300a4e8eaf1ff82c00", "key": "published"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804711", "id": "OPENVAS:1361412562310804711", "lastseen": "2018-04-24T15:40:00", "modified": "2018-04-24T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310804711", "published": "2014-07-07T00:00:00", "references": ["http://wiki.postgresql.org/wiki/20140220securityrelease", "http://secunia.com/advisories/57054", "http://xforce.iss.net/xforce/xfdb/91459"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_postgresql_priv_esc_vuln_jul14_win.nasl 9579 2018-04-24 08:28:33Z cfischer $\n#\n# PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804711\");\n script_version(\"$Revision: 9579 $\");\n script_cve_id(\"CVE-2014-0067\");\n script_bugtraq_id(65721);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-24 10:28:33 +0200 (Tue, 24 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 15:34:21 +0530 (Mon, 07 Jul 2014)\");\n script_name(\"PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PostgreSQL and is prone to local privilege\n escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of detect NVT and check the version\n is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"Flaw is due to an error when creating a PostgreSQL database cluster during\n 'make check'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may allow local attacker to gain temporary server\n access and elevated privileges.\n\n Impact Level: System/Application\");\n\n script_tag(name:\"affected\", value:\"PostgreSQL version 9.3.3 and earlier\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.3.6, 9.4.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57054\");\n 
script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/91459\");\n script_xref(name:\"URL\", value:\"http://wiki.postgresql.org/wiki/20140220securityrelease\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"postgresql_detect.nasl\",\"os_detection.nasl\");\n script_require_ports(\"Services/postgresql\", 5432);\n script_mandatory_keys(\"PostgreSQL/installed\",\"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!pgsqlPort = get_app_port(cpe:CPE)) exit(0);\n\npgsqlVer = get_app_version(cpe:CPE, port:pgsqlPort);\nif(isnull(pgsqlVer) || !(pgsqlVer =~ \"^((8\\.4|9\\.(0|1|2|3)))\")){\n exit(0);\n}\n\nif(version_in_range(version:pgsqlVer, test_version:\"8.4\", test_version2:\"9.3.3\"))\n{\n security_message(port:pgsqlPort);\n exit(0);\n}\n", "title": "PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-04-24T15:40:00"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-0067"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is installed with PostgreSQL and is prone to local privilege\n escalation vulnerability.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "462b8332b0778f1a608a20b6ebeea019b5f75c26312b596b6eb4d722272012ca", "hashmap": [{"hash": "ce8c41bd2cdb6ad722f9eef8bd905a57", "key": "title"}, {"hash": "52885c0abcd9c53516142c13729f3c9e", "key": "sourceData"}, {"hash": "4ac0cf9c01f937f4113ca4fdc06c2da4", "key": "description"}, {"hash": "b7158ad4a4eaacf4540bc22f86c54a85", "key": "cvelist"}, {"hash": "cb4306dff845e681f3ba00a18aeaf4e9", "key": "pluginID"}, {"hash": "3de2af208f8d3b10f9b7bdea4dd56449", "key": "href"}, {"hash": 
"1a65aed9503172bfd5e50b772686fbb8", "key": "modified"}, {"hash": "06df9aea2d851c3b10ab498f59f0777d", "key": "reporter"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ea2ef9b0d095bf991f4973633b485340", "key": "naslFamily"}, {"hash": "91944395e54b255f5d0a07b64645ce1c", "key": "references"}, {"hash": "729d81ab74dae7300a4e8eaf1ff82c00", "key": "published"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804711", "id": "OPENVAS:1361412562310804711", "lastseen": "2018-08-30T19:24:09", "modified": "2018-08-24T00:00:00", "naslFamily": "Databases", "objectVersion": "1.3", "pluginID": "1361412562310804711", "published": "2014-07-07T00:00:00", "references": ["http://wiki.postgresql.org/wiki/20140220securityrelease", "http://secunia.com/advisories/57054", "http://xforce.iss.net/xforce/xfdb/91459"], "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_postgresql_priv_esc_vuln_jul14_win.nasl 11108 2018-08-24 14:27:07Z mmartin $\n#\n# PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804711\");\n script_version(\"$Revision: 11108 $\");\n script_cve_id(\"CVE-2014-0067\");\n script_bugtraq_id(65721);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-24 16:27:07 +0200 (Fri, 24 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 15:34:21 +0530 (Mon, 07 Jul 2014)\");\n script_name(\"PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PostgreSQL and is prone to local privilege\n escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaw is due to an error when creating a PostgreSQL database cluster during\n 'make check'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may allow local attacker to gain temporary server\n access and elevated privileges.\n\n Impact Level: System/Application\");\n\n script_tag(name:\"affected\", value:\"PostgreSQL version 9.3.3 and earlier\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.3.6, 9.4.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57054\");\n script_xref(name:\"URL\", 
value:\"http://xforce.iss.net/xforce/xfdb/91459\");\n script_xref(name:\"URL\", value:\"http://wiki.postgresql.org/wiki/20140220securityrelease\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"postgresql_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/postgresql\", 5432);\n script_mandatory_keys(\"PostgreSQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!pgsqlPort = get_app_port(cpe:CPE)) exit(0);\n\npgsqlVer = get_app_version(cpe:CPE, port:pgsqlPort);\nif(isnull(pgsqlVer) || !(pgsqlVer =~ \"^((8\\.4|9\\.(0|1|2|3)))\")){\n exit(0);\n}\n\nif(version_in_range(version:pgsqlVer, test_version:\"8.4\", test_version2:\"9.3.3\"))\n{\n security_message(port:pgsqlPort);\n exit(0);\n}\n", "title": "PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)", "type": "openvas", "viewCount": 1}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2018-08-30T19:24:09"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "b7158ad4a4eaacf4540bc22f86c54a85"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "description", "hash": "4ac0cf9c01f937f4113ca4fdc06c2da4"}, {"key": "href", "hash": "3de2af208f8d3b10f9b7bdea4dd56449"}, {"key": "modified", "hash": "eaf6c837d3dbee6af2dc9097e02d7443"}, {"key": "naslFamily", "hash": "ea2ef9b0d095bf991f4973633b485340"}, {"key": "pluginID", "hash": "cb4306dff845e681f3ba00a18aeaf4e9"}, {"key": "published", "hash": "729d81ab74dae7300a4e8eaf1ff82c00"}, {"key": "references", "hash": "91944395e54b255f5d0a07b64645ce1c"}, {"key": "reporter", "hash": "06df9aea2d851c3b10ab498f59f0777d"}, {"key": "sourceData", "hash": "11a1571a90549b6f03cc1094e1af417d"}, {"key": "title", "hash": 
"ce8c41bd2cdb6ad722f9eef8bd905a57"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "202f91ed8dc5554f5fe57bcbb070f8a40e8bc9ec31a06bbd7f4338ca6e264356", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0067"]}, {"type": "postgresql", "idList": ["POSTGRESQL:CVE-2014-0067"]}, {"type": "debian", "idList": ["DEBIAN:DLA-0019-1:77DBF", "DEBIAN:DSA-2864-1:E2CA0", "DEBIAN:DSA-2865-1:BFC29"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-19.NASL", "POSTGRESQL_20150205.NASL", "ALA_ALAS-2015-492.NASL", "SUSE_11_LIBECPG6-140303.NASL", "OPENSUSE-2014-192.NASL", "FREEBSD_PKG_42D420909A4D11E3B02908002798F6FF.NASL", "MANDRIVA_MDVSA-2014-047.NASL", "DEBIAN_DSA-2865.NASL", "DEBIAN_DSA-2864.NASL", "MANDRIVA_MDVSA-2015-110.NASL"]}, {"type": "seebug", "idList": ["SSV:61544"]}, {"type": "amazon", "idList": ["ALAS-2015-492"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120168", "OPENVAS:702864", "OPENVAS:1361412562310702865", "OPENVAS:702865", "OPENVAS:1361412562310702864"]}, {"type": "freebsd", "idList": ["42D42090-9A4D-11E3-B029-08002798F6FF"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13584", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:VULN:14630"]}], "modified": "2019-05-29T18:37:41"}, "score": {"value": 5.7, "vector": "NONE", "modified": "2019-05-29T18:37:41"}, "vulnersScore": 5.7}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program 
is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804711\");\n script_version(\"2019-05-20T11:12:48+0000\");\n script_cve_id(\"CVE-2014-0067\");\n script_bugtraq_id(65721);\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-20 11:12:48 +0000 (Mon, 20 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-07-07 15:34:21 +0530 (Mon, 07 Jul 2014)\");\n script_name(\"PostgreSQL 'make check' Local Privilege Escalation Vulnerability July14 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PostgreSQL and is prone to local privilege\n escalation vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaw is due to an error when creating a PostgreSQL database cluster during\n 'make check'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may allow local attacker to gain temporary server\n access and elevated privileges.\");\n\n script_tag(name:\"affected\", value:\"PostgreSQL version 9.3.3 and earlier\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.3.6, 9.4.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57054\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/91459\");\n script_xref(name:\"URL\", value:\"http://wiki.postgresql.org/wiki/20140220securityrelease\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"postgresql_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/postgresql\", 5432);\n script_mandatory_keys(\"PostgreSQL/installed\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!pgsqlPort = get_app_port(cpe:CPE)) exit(0);\n\npgsqlVer = get_app_version(cpe:CPE, port:pgsqlPort);\nif(!pgsqlVer || pgsqlVer !~ \"^(8\\.4|9\\.[0-3])\\.\"){\n exit(0);\n}\n\nif(version_in_range(version:pgsqlVer, test_version:\"8.4\", test_version2:\"9.3.3\"))\n{\n security_message(port:pgsqlPort);\n exit(0);\n}\n", "naslFamily": "Databases", "pluginID": "1361412562310804711", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:13:42", "bulletinFamily": "NVD", "description": "The \"make check\" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.", "modified": "2017-12-16T02:29:00", "id": "CVE-2014-0067", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067", "published": "2014-03-31T14:58:00", "title": "CVE-2014-0067", "type": "cve", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "postgresql": [{"lastseen": "2019-05-29T18:31:44", "bulletinFamily": "software", "description": "Unauthenticated users may gain access to the database server during \"make check\".", "modified": "2014-03-31T14:58:00", "published": "2014-03-31T14:58:00", "href": "https://www.postgresql.org/support/security/", "id": "POSTGRESQL:CVE-2014-0067", "type": "postgresql", "title": "Vulnerability in other (CVE-2014-0067)", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:50", "bulletinFamily": "unix", "description": "Debian Security Advisory DLA-0019-1\nhttps://wiki.debian.org/LTS\n- ----------------------------------------------------------------------------\nPackage : postgresql-8.4\nVersion : 8.4.22-0+deb6u1\nCVE ID : CVE-2014-0067\n\nNew upstream minor release. Users should upgrade to this version at their next\nscheduled maintenance window.\n\nNoteworthy change:\n\n Secure Unix-domain sockets of temporary postmasters started during make\n check (Noah Misch)\n\n Any local user able to access the socket file could connect as the server's\n bootstrap superuser, then proceed to execute arbitrary code as the\n operating-system user running the test, as we previously noted in\n CVE-2014-0067. 
This change defends against that risk by placing the server's\n socket in a temporary, mode 0700 subdirectory of /tmp.\n\n8.4.22 marks the end of life of the PostgreSQL 8.4 branch. No further\nreleases will be made by the PostgreSQL Global Development Group.\n\nUsers of PostgreSQL 8.4 should look into upgrading to a newer PostgreSQL\nrelease. Options are:\n\n* Upgrading to Debian 7 (Wheezy), providing postgresql-9.1.\n\n* The use of the apt.postgresql.org repository, providing packages for all\n active PostgreSQL branches (9.0 up to 9.4 at the time of writing).\n\n See https://wiki.postgresql.org/wiki/Apt for more information about the\n repository.\n\n A helper script to activate the repository is provided in\n /usr/share/doc/postgresql-8.4/examples/apt.postgresql.org.sh.\n\n* An LTS version of 8.4 is in planning that will cover the lifetime of\n squeeze-lts. Updates will probably made on a best-effort basis. Users can\n take advantage of this, but should still consider upgrading to newer\n PostgreSQL versions over the next months.\n", "modified": "2014-07-29T09:44:29", "published": "2014-07-29T09:44:29", "id": "DEBIAN:DLA-0019-1:77DBF", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201407/msg00008.html", "title": "[DLA-0019-1] postgresql-8.4 update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:21", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2865-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 20, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : postgresql-9.1\nVulnerability : several\nCVE ID : CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 \n CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067\n\nVarious vulnerabilities were 
discovered in PostgreSQL:\n\n * Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\n Granting a role without ADMIN OPTION is supposed to prevent the grantee\n from adding or removing members from the granted role, but this\n restriction was easily bypassed by doing SET ROLE first. The security\n impact is mostly that a role member can revoke the access of others,\n contrary to the wishes of his grantor. Unapproved role member additions\n are a lesser concern, since an uncooperative role member could provide\n most of his rights to others anyway by creating views or SECURITY\n DEFINER functions. (CVE-2014-0060)\n\n * Prevent privilege escalation via manual calls to PL validator functions\n (Andres Freund)\n\n The primary role of PL validator functions is to be called implicitly\n during CREATE FUNCTION, but they are also normal SQL functions that a\n user can call explicitly. Calling a validator on a function actually\n written in some other language was not checked for and could be\n exploited for privilege-escalation purposes. The fix involves adding a\n call to a privilege-checking function in each validator function.\n Non-core procedural languages will also need to make this change to\n their own validator functions, if any. (CVE-2014-0061)\n\n * Avoid multiple name lookups during table and index DDL (Robert Haas,\n Andres Freund)\n\n If the name lookups come to different conclusions due to concurrent\n activity, we might perform some parts of the DDL on a different table\n than other parts. At least in the case of CREATE INDEX, this can be used\n to cause the permissions checks to be performed against a different\n table than the index creation, allowing for a privilege escalation\n attack. (CVE-2014-0062)\n\n * Prevent buffer overrun with long datetime strings (Noah Misch)\n\n The MAXDATELEN constant was too small for the longest possible value of\n type interval, allowing a buffer overrun in interval_out(). 
Although the\n datetime input functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to reject some valid\n inputs, such as input containing a very long timezone name. The ecpg\n library contained these vulnerabilities along with some of its own.\n (CVE-2014-0063)\n\n * Prevent buffer overrun due to integer overflow in size calculations\n (Noah Misch, Heikki Linnakangas)\n\n Several functions, mostly type input functions, calculated an allocation\n size without checking for overflow. If overflow did occur, a too-small\n buffer would be allocated and then written past. (CVE-2014-0064)\n\n * Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\n Use strlcpy() and related functions to provide a clear guarantee that\n fixed-size buffers are not overrun. Unlike the preceding items, it is\n unclear whether these cases really represent live issues, since in most\n cases there appear to be previous constraints on the size of the input\n string. Nonetheless it seems prudent to silence all Coverity warnings of\n this type. (CVE-2014-0065)\n\n * Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\n\n There are relatively few scenarios in which crypt() could return NULL,\n but contrib/chkpass would crash if it did. One practical case in which\n this could be an issue is if libc is configured to refuse to execute\n unapproved hashing algorithms (e.g., "FIPS mode"). (CVE-2014-0066)\n\n * Document risks of make check in the regression testing instructions\n (Noah Misch, Tom Lane)\n\n Since the temporary server started by make check uses "trust"\n authentication, another user on the same machine could connect to it as\n database superuser, and then potentially exploit the privileges of the\n operating-system user who started the tests. A future release will\n probably incorporate changes in the testing procedure to prevent this\n risk, but some public discussion is needed first. 
So for the moment,\n just warn people against using make check when there are untrusted users\n on the same machine. (CVE-2014-0067)\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 9.1_9.1.12-0wheezy1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.3.3-1 of the postgresql-9.3 package.\n\nWe recommend that you upgrade your postgresql-9.1 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-02-20T21:26:07", "published": "2014-02-20T21:26:07", "id": "DEBIAN:DSA-2865-1:BFC29", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00036.html", "title": "[SECURITY] [DSA 2865-1] postgresql-9.1 security update", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:44", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2864-1 security@debian.org\nhttp://www.debian.org/security/ Christoph Berg\nFebruary 20, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : postgresql-8.4\nVulnerability : several\nCVE ID : CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 \n CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067\n\nVarious vulnerabilities were discovered in PostgreSQL:\n\n * Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\n Granting a role without ADMIN OPTION is supposed to prevent the grantee\n from adding or removing members from the granted role, but this\n restriction was easily bypassed by doing SET ROLE first. 
The security\n impact is mostly that a role member can revoke the access of others,\n contrary to the wishes of his grantor. Unapproved role member additions\n are a lesser concern, since an uncooperative role member could provide\n most of his rights to others anyway by creating views or SECURITY\n DEFINER functions. (CVE-2014-0060)\n\n * Prevent privilege escalation via manual calls to PL validator functions\n (Andres Freund)\n\n The primary role of PL validator functions is to be called implicitly\n during CREATE FUNCTION, but they are also normal SQL functions that a\n user can call explicitly. Calling a validator on a function actually\n written in some other language was not checked for and could be\n exploited for privilege-escalation purposes. The fix involves adding a\n call to a privilege-checking function in each validator function.\n Non-core procedural languages will also need to make this change to\n their own validator functions, if any. (CVE-2014-0061)\n\n * Avoid multiple name lookups during table and index DDL (Robert Haas,\n Andres Freund)\n\n If the name lookups come to different conclusions due to concurrent\n activity, we might perform some parts of the DDL on a different table\n than other parts. At least in the case of CREATE INDEX, this can be used\n to cause the permissions checks to be performed against a different\n table than the index creation, allowing for a privilege escalation\n attack. (CVE-2014-0062)\n\n * Prevent buffer overrun with long datetime strings (Noah Misch)\n\n The MAXDATELEN constant was too small for the longest possible value of\n type interval, allowing a buffer overrun in interval_out(). Although the\n datetime input functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to reject some valid\n inputs, such as input containing a very long timezone name. 
The ecpg\n library contained these vulnerabilities along with some of its own.\n (CVE-2014-0063)\n\n * Prevent buffer overrun due to integer overflow in size calculations\n (Noah Misch, Heikki Linnakangas)\n\n Several functions, mostly type input functions, calculated an allocation\n size without checking for overflow. If overflow did occur, a too-small\n buffer would be allocated and then written past. (CVE-2014-0064)\n\n * Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\n Use strlcpy() and related functions to provide a clear guarantee that\n fixed-size buffers are not overrun. Unlike the preceding items, it is\n unclear whether these cases really represent live issues, since in most\n cases there appear to be previous constraints on the size of the input\n string. Nonetheless it seems prudent to silence all Coverity warnings of\n this type. (CVE-2014-0065)\n\n * Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\n\n There are relatively few scenarios in which crypt() could return NULL,\n but contrib/chkpass would crash if it did. One practical case in which\n this could be an issue is if libc is configured to refuse to execute\n unapproved hashing algorithms (e.g., "FIPS mode"). (CVE-2014-0066)\n\n * Document risks of make check in the regression testing instructions\n (Noah Misch, Tom Lane)\n\n Since the temporary server started by make check uses "trust"\n authentication, another user on the same machine could connect to it as\n database superuser, and then potentially exploit the privileges of the\n operating-system user who started the tests. A future release will\n probably incorporate changes in the testing procedure to prevent this\n risk, but some public discussion is needed first. So for the moment,\n just warn people against using make check when there are untrusted users\n on the same machine. 
(CVE-2014-0067)\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 8.4.20-0squeeze1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.3.3-1 of the postgresql-9.3 package.\n\nWe recommend that you upgrade your postgresql-8.4 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2014-02-20T17:06:01", "published": "2014-02-20T17:06:01", "id": "DEBIAN:DSA-2864-1:E2CA0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00035.html", "title": "[SECURITY] [DSA 2864-1] postgresql-8.4 security update", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:31:41", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 65721\r\nCVE(CAN) ID: CVE-2014-0067\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL 9.3.3, 9.2.7, 9.1.12, 9.0.16, 8.4.20\u4e4b\u524d\u7248\u672c\u901a\u8fc7"make check"\u5728\u6784\u9020\u6811\u5185\u8fd0\u884c\u56de\u5f52\u6d4b\u8bd5\u65f6\uff0c\u670d\u52a1\u5668\u8fdb\u7a0b\u5141\u8bb8\u540c\u4e00\u53f0\u673a\u5668\u4e0a\u7684\u7528\u6237\u4f5c\u4e3a\u8d85\u7ea7\u7528\u6237\u767b\u5f55\uff0c\u53e6\u5916\u4e00\u4e2a\u672c\u5730\u7528\u6237\u4e5f\u53ef\u4ee5\u83b7\u53d6\u64cd\u4f5c\u7cfb\u7edf\u7528\u6237\u7684\u6743\u9650\u3002\r\n0\r\nPostgreSQL PostgreSQL 
8.x\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.postgresql.org", "modified": "2014-02-25T00:00:00", "published": "2014-02-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61544", "id": "SSV:61544", "title": "PostgreSQL 'make check' \u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2019-12-13T06:49:43", "bulletinFamily": "scanner", "description": "New upstream minor release. Users should upgrade to this version at\ntheir next scheduled maintenance window.\n\nNoteworthy change :\n\nSecure Unix-domain sockets of temporary postmasters started during\nmake check (Noah Misch)\n\nAny local user able to access the socket file could connect\nas the server", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DLA-19.NASL", "href": "https://www.tenable.com/plugins/nessus/82167", "published": "2015-03-26T00:00:00", "title": "Debian DLA-19-1 : postgresql-8.4 update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-19-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82167);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2014-0067\");\n script_bugtraq_id(65721);\n\n script_name(english:\"Debian DLA-19-1 : postgresql-8.4 update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New upstream minor release. Users should upgrade to this version at\ntheir next scheduled maintenance window.\n\nNoteworthy change :\n\nSecure Unix-domain sockets of temporary postmasters started during\nmake check (Noah Misch)\n\nAny local user able to access the socket file could connect\nas the server's bootstrap superuser, then proceed to execute\narbitrary code as the operating-system user running the\ntest, as we previously noted in CVE-2014-0067. This change\ndefends against that risk by placing the server's socket in\na temporary, mode 0700 subdirectory of /tmp.\n\n8.4.22 marks the end of life of the PostgreSQL 8.4 branch. No further\nreleases will be made by the PostgreSQL Global Development Group.\n\nUsers of PostgreSQL 8.4 should look into upgrading to a newer\nPostgreSQL release. Options are :\n\n - Upgrading to Debian 7 (Wheezy), providing\n postgresql-9.1.\n\n - The use of the apt.postgresql.org repository, providing\n packages for all active PostgreSQL branches (9.0 up to\n 9.4 at the time of writing).\n\n See https://wiki.postgresql.org/wiki/Apt for more\n information about the repository.\n\n A helper script to activate the repository is provided\n in\n /usr/share/doc/postgresql-8.4/examples/apt.postgresql.or\n g.sh.\n\n - An LTS version of 8.4 is in planning that will cover the\n lifetime of squeeze-lts. 
Updates will probably made on a\n best-effort basis. Users can take advantage of this, but\n should still consider upgrading to newer PostgreSQL\n versions over the next months.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2014/07/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/postgresql-8.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.postgresql.org/wiki/Apt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg-compat3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpgtypes3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-client-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-contrib-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-doc-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plperl-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-plpython-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-pltcl-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-server-dev-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif 
(!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libecpg-compat3\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg-dev\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg6\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpgtypes3\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpq-dev\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpq5\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-8.4\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-client\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-client-8.4\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-contrib\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-contrib-8.4\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-doc\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-doc-8.4\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-plperl-8.4\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-plpython-8.4\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-pltcl-8.4\", reference:\"8.4.22-0+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-server-dev-8.4\", reference:\"8.4.22-0+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n 
else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:39:01", "bulletinFamily": "scanner", "description": "A buffer overflow flaw was found in the way PostgreSQL handled certain\nnumeric formatting. An authenticated database user could use a\nspecially crafted timestamp formatting template to cause PostgreSQL to\ncrash or, under certain conditions, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2015-0241)\n\nA buffer overflow flaw was found in the PostgreSQL", "modified": "2019-12-02T00:00:00", "id": "ALA_ALAS-2015-492.NASL", "href": "https://www.tenable.com/plugins/nessus/81828", "published": "2015-03-17T00:00:00", "title": "Amazon Linux AMI : postgresql92 (ALAS-2015-492)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-492.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81828);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0067\", \"CVE-2014-8161\", \"CVE-2015-0241\", \"CVE-2015-0242\", \"CVE-2015-0243\", \"CVE-2015-0244\");\n script_xref(name:\"ALAS\", value:\"2015-492\");\n\n script_name(english:\"Amazon Linux AMI : postgresql92 (ALAS-2015-492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow flaw was found in the way PostgreSQL handled certain\nnumeric formatting. 
An authenticated database user could use a\nspecially crafted timestamp formatting template to cause PostgreSQL to\ncrash or, under certain conditions, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2015-0241)\n\nA buffer overflow flaw was found in PostgreSQL's internal printf()\nimplementation. An authenticated database user could use a specially\ncrafted string in a SQL query to cause PostgreSQL to crash or,\npotentially, lead to privilege escalation. (CVE-2015-0242)\n\nA stack-buffer overflow flaw was found in PostgreSQL's pgcrypto\nmodule. An authenticated database user could use this flaw to cause\nPostgreSQL to crash or, potentially, execute arbitrary code with the\npermissions of the user running PostgreSQL. (CVE-2015-0243)\n\nA flaw was found in the way PostgreSQL handled certain errors that\nwere generated during protocol synchronization. An authenticated\ndatabase user could use this flaw to inject queries into an existing\nconnection. (CVE-2015-0244)\n\nThe 'make check' command for the test suites in PostgreSQL 9.3.3 and\nearlier does not properly invoke initdb to specify the authentication\nrequirements for a database cluster to be used for the tests, which\nallows local users to gain privileges by leveraging access to this\ncluster. (CVE-2014-0067)\n\nAn information leak flaw was found in the way the PostgreSQL\ndatabase server handled certain error messages. An authenticated\ndatabase user could possibly obtain the results of a query they did\nnot have privileges to execute by observing the constraint violation\nerror messages produced when the query was executed. 
(CVE-2014-8161)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-492.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update postgresql92' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-server-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql92-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux 
Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-contrib-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-debuginfo-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-devel-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-docs-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-libs-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-plperl-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-plpython-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-pltcl-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-server-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql92-server-compat-9.2.10-1.49.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"postgresql92-test-9.2.10-1.49.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql92 / postgresql92-contrib / postgresql92-debuginfo / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:52:27", "bulletinFamily": "scanner", "description": "The version of PostgreSQL installed on the remote host is 9.0.x prior\nto 9.0.19, 9.1.x prior to 9.1.15, 9.2.x prior to 9.2.10, 9.3.x prior\nto 9.3.6, or 9.4.x prior to 9.4.1. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A privilege escalation vulnerability exists due to the\n ", "modified": "2019-12-02T00:00:00", "id": "POSTGRESQL_20150205.NASL", "href": "https://www.tenable.com/plugins/nessus/81300", "published": "2015-02-11T00:00:00", "title": "PostgreSQL 9.0 < 9.0.19 / 9.1 < 9.1.15 / 9.2 < 9.2.10 / 9.3 < 9.3.6 / 9.4 < 9.4.1 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81300);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0067\",\n \"CVE-2014-8161\",\n \"CVE-2015-0241\",\n \"CVE-2015-0242\",\n \"CVE-2015-0243\",\n \"CVE-2015-0244\"\n );\n script_bugtraq_id(\n 65721,\n 72538,\n 72540,\n 72542,\n 72543,\n 74174\n );\n\n script_name(english:\"PostgreSQL 9.0 < 9.0.19 / 9.1 < 9.1.15 / 9.2 < 9.2.10 / 9.3 < 9.3.6 / 9.4 < 9.4.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of PostgreSQL.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of 
PostgreSQL installed on the remote host is 9.0.x prior\nto 9.0.19, 9.1.x prior to 9.1.15, 9.2.x prior to 9.2.10, 9.3.x prior\nto 9.3.6, or 9.4.x prior to 9.4.1. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A privilege escalation vulnerability exists due to the\n 'make check' command not properly invoking initdb to\n specify authentication requirements for a database\n cluster to be used for tests. A local attacker can\n exploit this issue to gain temporary server access and\n elevated privileges. Note that this issue only affects\n Microsoft Windows hosts. (CVE-2014-0067)\n\n - An information disclosure vulnerability exists due to\n improper handling of restricted column values in\n constraint-violation error messages. An authenticated,\n remote attacker can exploit this to gain access to\n sensitive information. (CVE-2014-8161)\n\n - Multiple vulnerabilities exist due to several buffer\n overflow errors related to the 'to_char' functions. An\n authenticated, remote attacker can exploit these issues\n to cause a denial of service or arbitrary code\n execution. (CVE-2015-0241)\n\n - Multiple vulnerabilities exist due to several\n stack-based buffer overflow errors in various *printf()\n functions. The overflows are due to improper validation\n of user-supplied input when formatting a floating point\n number where the requested precision is greater than\n approximately 500. An authenticated, remote attacker\n can exploit these issues to cause a denial of service or\n arbitrary code execution. (CVE-2015-0242)\n\n - Multiple vulnerabilities exist due to an overflow\n condition in multiple functions in the 'pgcrypto'\n extension. The overflows are due to improper validation\n of user-supplied input when tracking memory sizes. An\n authenticated, remote attacker can exploit these issues\n to cause a denial of service or arbitrary code\n execution. 
(CVE-2015-0243)\n\n - A SQL injection vulnerability exists due to improper\n sanitization of user-supplied input when handling\n crafted binary data within a command parameter. An\n authenticated, remote attacker can exploit this issue\n to inject or manipulate SQL queries, allowing the\n manipulation or disclosure of arbitrary data.\n (CVE-2015-0244)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/about/news/1569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/9.0/release-9-0-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/9.1/release-9-1-15.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/9.2/release-9-2-10.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/9.3/release-9-3-6.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/9.4/release-9-4-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PostgreSQL 9.0.19 / 9.1.15 / 9.2.10 / 9.3.6 / 9.4.1 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0067\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/11\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:postgresql:postgresql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"postgresql_version.nbin\");\n script_require_ports(\"Services/postgresql\", 5432);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_service(svc:\"postgresql\", default:5432, exit_on_fail:TRUE);\n\nversion = get_kb_item_or_exit('database/'+port+'/postgresql/version');\nsource = get_kb_item_or_exit('database/'+port+'/postgresql/source');\ndatabase = get_kb_item('database/'+port+'/postgresql/database_name');\n\nget_backport_banner(banner:source);\nif (backported && report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, 'PostgreSQL server');\n\nver = split(version, sep:'.');\nfor (i=0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (ver[0] == 9 && ver[1] == 0 && ver[2] < 19) ||\n (ver[0] == 9 && ver[1] == 1 && ver[2] < 15) ||\n (ver[0] == 9 && ver[1] == 2 && ver[2] < 10) ||\n (ver[0] == 9 && ver[1] == 3 && ver[2] < 6) ||\n (ver[0] == 9 && ver[1] == 4 && ver[2] < 1)\n)\n{\n set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = '';\n if(database)\n report += '\\n Database name : ' + database ;\n report +=\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 9.0.19 / 9.1.15 / 9.2.10 / 9.3.6 / 9.4.1\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, 'PostgreSQL', port, version);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:05:52", 
"bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in\npostgresql :\n\nGranting a role without ADMIN OPTION is supposed to prevent the\ngrantee from adding or removing members from the granted role, but\nthis restriction was easily bypassed by doing SET ROLE first. The\nsecurity impact is mostly that a role member can revoke the access of\nothers, contrary to the wishes of his grantor. Unapproved role member\nadditions are a lesser concern, since an uncooperative role member\ncould provide most of his rights to others anyway by creating views or\nSECURITY DEFINER functions (CVE-2014-0060).\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any (CVE-2014-0061).\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. 
At least in the case of CREATE INDEX, this can be\nused to cause the permissions checks to be performed against a\ndifferent table than the index creation, allowing for a privilege\nescalation attack (CVE-2014-0062).\n\nThe MAXDATELEN constant was too small for the longest possible value\nof type interval, allowing a buffer overrun in interval_out().\nAlthough the datetime input functions were more careful about avoiding\nbuffer overrun, the limit was short enough to cause them to reject\nsome valid inputs, such as input containing a very long timezone name.\nThe ecpg library contained these vulnerabilities along with some of\nits own (CVE-2014-0063).\n\nSeveral functions, mostly type input functions, calculated an\nallocation size without checking for overflow. If overflow did occur,\na too-small buffer would be allocated and then written past\n(CVE-2014-0064).\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in\nmost cases there appear to be previous constraints on the size of the\ninput string. Nonetheless it seems prudent to silence all Coverity\nwarnings of this type (CVE-2014-0065).\n\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066).\n\nSince the temporary server started by make check uses trust\nauthentication, another user on the same machine could connect to it\nas database superuser, and then potentially exploit the privileges of\nthe operating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. 
So for the moment,\njust warn people against using make check when there are untrusted\nusers on the same machine (CVE-2014-0067).\n\nThis advisory provides the latest version of PostgreSQL that is not\nvulnerable to these issues.", "modified": "2019-12-02T00:00:00", "id": "MANDRIVA_MDVSA-2014-047.NASL", "href": "https://www.tenable.com/plugins/nessus/72642", "published": "2014-02-23T00:00:00", "title": "Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:047. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72642);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:55\");\n\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n script_bugtraq_id(65719, 65721, 65723, 65724, 65725, 65727, 65728, 65731);\n script_xref(name:\"MDVSA\", value:\"2014:047\");\n\n script_name(english:\"Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in\npostgresql :\n\nGranting a role without ADMIN OPTION is supposed to prevent the\ngrantee from adding or removing members from the granted role, but\nthis restriction was easily bypassed by doing SET ROLE first. 
The\nsecurity impact is mostly that a role member can revoke the access of\nothers, contrary to the wishes of his grantor. Unapproved role member\nadditions are a lesser concern, since an uncooperative role member\ncould provide most of his rights to others anyway by creating views or\nSECURITY DEFINER functions (CVE-2014-0060).\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any (CVE-2014-0061).\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. At least in the case of CREATE INDEX, this can be\nused to cause the permissions checks to be performed against a\ndifferent table than the index creation, allowing for a privilege\nescalation attack (CVE-2014-0062).\n\nThe MAXDATELEN constant was too small for the longest possible value\nof type interval, allowing a buffer overrun in interval_out().\nAlthough the datetime input functions were more careful about avoiding\nbuffer overrun, the limit was short enough to cause them to reject\nsome valid inputs, such as input containing a very long timezone name.\nThe ecpg library contained these vulnerabilities along with some of\nits own (CVE-2014-0063).\n\nSeveral functions, mostly type input functions, calculated an\nallocation size without checking for overflow. 
If overflow did occur,\na too-small buffer would be allocated and then written past\n(CVE-2014-0064).\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in\nmost cases there appear to be previous constraints on the size of the\ninput string. Nonetheless it seems prudent to silence all Coverity\nwarnings of this type (CVE-2014-0065).\n\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066).\n\nSince the temporary server started by make check uses trust\nauthentication, another user on the same machine could connect to it\nas database superuser, and then potentially exploit the privileges of\nthe operating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. 
So for the moment,\njust warn people against using make check when there are untrusted\nusers on the same machine (CVE-2014-0067).\n\nThis advisory provides the latest version of PostgreSQL that is not\nvulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/9.2/release-9-2-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/9.2/release-9-2-6.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/9.2/release-9-2-7.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg9.2_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq9.2_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-plpgsql\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:postgresql9.2-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64ecpg9.2_6-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64pq9.2_5-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"postgresql9.2-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"postgresql9.2-contrib-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"postgresql9.2-devel-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"postgresql9.2-docs-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"postgresql9.2-pl-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"postgresql9.2-plperl-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"postgresql9.2-plpgsql-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"postgresql9.2-plpython-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"postgresql9.2-pltcl-9.2.7-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"postgresql9.2-server-9.2.7-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T07:27:57", "bulletinFamily": "scanner", "description": "PostgreSQL Project reports :\n\nThis update fixes CVE-2014-0060, in which PostgreSQL did not properly\nenforce the WITH ADMIN OPTION permission for ROLE management. Before\nthis fix, any member of a ROLE was able to grant others access to the\nsame ROLE regardless if the member was given the WITH ADMIN OPTION\npermission. It also fixes multiple privilege escalation issues,\nincluding: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,\nCVE-2014-0065, and CVE-2014-0066. 
More information on these issues can\nbe found on our security page and the security issue detail wiki page.\n\nWith this release, we are also alerting users to a known security hole\nthat allows other users on the same machine to gain access to an\noperating system account while it is doing ", "modified": "2019-12-02T00:00:00", "id": "FREEBSD_PKG_42D420909A4D11E3B02908002798F6FF.NASL", "href": "https://www.tenable.com/plugins/nessus/72612", "published": "2014-02-21T00:00:00", "title": "FreeBSD : PostgreSQL -- multiple privilege issues (42d42090-9a4d-11e3-b029-08002798f6ff)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72612);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n\n script_name(english:\"FreeBSD : PostgreSQL -- multiple privilege issues (42d42090-9a4d-11e3-b029-08002798f6ff)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PostgreSQL Project reports :\n\nThis update fixes CVE-2014-0060, in which PostgreSQL did not properly\nenforce the WITH ADMIN OPTION permission for ROLE management. Before\nthis fix, any member of a ROLE was able to grant others access to the\nsame ROLE regardless if the member was given the WITH ADMIN OPTION\npermission. It also fixes multiple privilege escalation issues,\nincluding: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,\nCVE-2014-0065, and CVE-2014-0066. 
More information on these issues can\nbe found on our security page and the security issue detail wiki page.\n\nWith this release, we are also alerting users to a known security hole\nthat allows other users on the same machine to gain access to an\noperating system account while it is doing 'make check' :\nCVE-2014-0067. 'Make check' is normally part of building PostgreSQL\nfrom source code. As it is not possible to fix this issue without\ncausing significant issues to our testing infrastructure, a patch will\nbe released separately and publicly. Until then, users are strongly\nadvised not to run 'make check' on machines where untrusted users have\naccounts.\"\n );\n # https://vuxml.freebsd.org/freebsd/42d42090-9a4d-11e3-b029-08002798f6ff.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4598304a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server<8.4.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=9.0.0<9.0.16\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=9.1.0<9.1.12\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=9.2.0<9.2.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=9.3.0<9.3.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:15:51", "bulletinFamily": "scanner", "description": "The PostgreSQL database was updated to the security and bugfix release\n9.2.7, which includes the following fixes :\n\n - Shore up GRANT ... 
WITH ADMIN OPTION restrictions\n (CVE-2014-0060, bnc#864845)\n\n - Prevent privilege escalation via manual calls to PL\n validator functions (CVE-2014-0061, bnc#864846)\n\n - Avoid multiple name lookups during table and index DDL\n (CVE-2014-0062, bnc#864847)\n\n - Prevent buffer overrun with long datetime strings\n (CVE-2014-0063, bnc#864850)\n\n - Prevent buffer overrun due to integer overflow in size\n calculations (CVE-2014-0064, bnc#864851)\n\n - Prevent overruns of fixed-size buffers (CVE-2014-0065,\n bnc#864852)\n\n - Avoid crashing if crypt() returns NULL (CVE-2014-0066,\n bnc#864853)\n\n - Document risks of make check in the regression testing\n instructions (CVE-2014-0067)\n\n - For the other (many!) bug fixes, see the release notes:\n http://www.postgresql.org/docs/9.3/static/release-9-2-7.html", "modified": "2019-12-02T00:00:00", "id": "OPENSUSE-2014-192.NASL", "href": "https://www.tenable.com/plugins/nessus/75281", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : postgresql92 (openSUSE-SU-2014:0345-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-192.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75281);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/12/18 10:18:59\");\n\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n\n script_name(english:\"openSUSE Security Update : postgresql92 (openSUSE-SU-2014:0345-1)\");\n script_summary(english:\"Check for the openSUSE-2014-192 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"The PostgreSQL database was updated to the security and bugfix release\n9.2.7, which following fixes :\n\n - Shore up GRANT ... WITH ADMIN OPTION restrictions\n (CVE-2014-0060, bnc#864845)\n\n - Prevent privilege escalation via manual calls to PL\n validator functions (CVE-2014-0061, bnc#864846)\n\n - Avoid multiple name lookups during table and index DDL\n (CVE-2014-0062, bnc#864847)\n\n - Prevent buffer overrun with long datetime strings\n (CVE-2014-0063, bnc#864850)\n\n - Prevent buffer overrun due to integer overflow in size\n calculations (CVE-2014-0064, bnc#864851)\n\n - Prevent overruns of fixed-size buffers (CVE-2014-0065,\n bnc#864852)\n\n - Avoid crashing if crypt() returns NULL (CVE-2014-0066,\n bnc#864853)\n\n - Document risks of make check in the regression testing\n instructions (CVE-2014-0067)\n\n - For the other (many!) bug fixes, see the release notes:\n http://www.postgresql.org/docs/9.3/static/release-9-2-7.\n html\"\n );\n # http://www.postgresql.org/docs/9.3/static/release-9-2-7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/9.3/release-9-2-7.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864853\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql92 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libecpg6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libecpg6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libecpg6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpq5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpq5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-contrib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-libs-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-plperl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-plpython-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-pltcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql92-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libecpg6-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libecpg6-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpq5-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpq5-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-contrib-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-contrib-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-debugsource-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-devel-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"postgresql92-devel-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-libs-debugsource-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-plperl-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-plperl-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-plpython-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-plpython-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-pltcl-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-pltcl-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-server-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"postgresql92-server-debuginfo-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libecpg6-32bit-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libecpg6-debuginfo-32bit-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpq5-32bit-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpq5-debuginfo-32bit-9.2.7-1.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libecpg6-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libecpg6-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpq5-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpq5-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-contrib-9.2.7-4.4.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-contrib-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-debugsource-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-devel-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-devel-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-libs-debugsource-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-plperl-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-plperl-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-plpython-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-plpython-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-pltcl-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-pltcl-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-server-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"postgresql92-server-debuginfo-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libecpg6-32bit-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libecpg6-debuginfo-32bit-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpq5-32bit-9.2.7-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpq5-debuginfo-32bit-9.2.7-4.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql92\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T09:21:33", "bulletinFamily": "scanner", "description": "The PostgreSQL database server was updated to version 9.1.12 to fix\nvarious security issues :\n\n - Granting a role without ADMIN OPTION is supposed to\n prevent the grantee from adding or removing members from\n the granted role, but this restriction was easily\n bypassed by doing SET ROLE first. The security impact is\n mostly that a role member can revoke the access of\n others, contrary to the wishes of his grantor.\n Unapproved role member additions are a lesser concern,\n since an uncooperative role member could provide most of\n his rights to others anyway by creating views or\n SECURITY DEFINER functions. (CVE-2014-0060)\n\n - The primary role of PL validator functions is to be\n called implicitly during CREATE FUNCTION, but they are\n also normal SQL functions that a user can call\n explicitly. Calling a validator on a function actually\n written in some other language was not checked for and\n could be exploited for privilege-escalation purposes.\n The fix involves adding a call to a privilege-checking\n function in each validator function. Non-core procedural\n languages will also need to make this change to their\n own validator functions, if any. (CVE-2014-0061)\n\n - If the name lookups come to different conclusions due to\n concurrent activity, we might perform some parts of the\n DDL on a different table than other parts. At least in\n the case of CREATE INDEX, this can be used to cause the\n permissions checks to be performed against a different\n table than the index creation, allowing for a privilege\n escalation attack. 
(CVE-2014-0062)\n\n - The MAXDATELEN constant was too small for the longest\n possible value of type interval, allowing a buffer\n overrun in interval_out(). Although the datetime input\n functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to\n reject some valid inputs, such as input containing a\n very long timezone name. The ecpg library contained\n these vulnerabilities along with some of its own.\n (CVE-2014-0063)\n\n - Several functions, mostly type input functions,\n calculated an allocation size without checking for\n overflow. If overflow did occur, a too-small buffer\n would be allocated and then written past.\n (CVE-2014-0064)\n\n - Use strlcpy() and related functions to provide a clear\n guarantee that fixed-size buffers are not overrun.\n Unlike the preceding items, it is unclear whether these\n cases really represent live issues, since in most cases\n there appear to be previous constraints on the size of\n the input string. Nonetheless it seems prudent to\n silence all Coverity warnings of this type.\n (CVE-2014-0065)\n\n - There are relatively few scenarios in which crypt()\n could return NULL, but contrib/chkpass would crash if it\n did. One practical case in which this could be an issue\n is if libc is configured to refuse to execute unapproved\n hashing algorithms (e.g., ", "modified": "2019-12-02T00:00:00", "id": "SUSE_11_LIBECPG6-140303.NASL", "href": "https://www.tenable.com/plugins/nessus/73268", "published": "2014-03-31T00:00:00", "title": "SuSE 11.3 Security Update : PostgreSQL 9.1 (SAT Patch Number 8970)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73268);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/02/18 15:00:16 $\");\n\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n\n script_name(english:\"SuSE 11.3 Security Update : PostgreSQL 9.1 (SAT Patch Number 8970)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PostgreSQL database server was updated to version 9.1.12 to fix\nvarious security issues :\n\n - Granting a role without ADMIN OPTION is supposed to\n prevent the grantee from adding or removing members from\n the granted role, but this restriction was easily\n bypassed by doing SET ROLE first. The security impact is\n mostly that a role member can revoke the access of\n others, contrary to the wishes of his grantor.\n Unapproved role member additions are a lesser concern,\n since an uncooperative role member could provide most of\n his rights to others anyway by creating views or\n SECURITY DEFINER functions. (CVE-2014-0060)\n\n - The primary role of PL validator functions is to be\n called implicitly during CREATE FUNCTION, but they are\n also normal SQL functions that a user can call\n explicitly. Calling a validator on a function actually\n written in some other language was not checked for and\n could be exploited for privilege-escalation purposes.\n The fix involves adding a call to a privilege-checking\n function in each validator function. Non-core procedural\n languages will also need to make this change to their\n own validator functions, if any. 
(CVE-2014-0061)\n\n - If the name lookups come to different conclusions due to\n concurrent activity, we might perform some parts of the\n DDL on a different table than other parts. At least in\n the case of CREATE INDEX, this can be used to cause the\n permissions checks to be performed against a different\n table than the index creation, allowing for a privilege\n escalation attack. (CVE-2014-0062)\n\n - The MAXDATELEN constant was too small for the longest\n possible value of type interval, allowing a buffer\n overrun in interval_out(). Although the datetime input\n functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to\n reject some valid inputs, such as input containing a\n very long timezone name. The ecpg library contained\n these vulnerabilities along with some of its own.\n (CVE-2014-0063)\n\n - Several functions, mostly type input functions,\n calculated an allocation size without checking for\n overflow. If overflow did occur, a too-small buffer\n would be allocated and then written past.\n (CVE-2014-0064)\n\n - Use strlcpy() and related functions to provide a clear\n guarantee that fixed-size buffers are not overrun.\n Unlike the preceding items, it is unclear whether these\n cases really represent live issues, since in most cases\n there appear to be previous constraints on the size of\n the input string. Nonetheless it seems prudent to\n silence all Coverity warnings of this type.\n (CVE-2014-0065)\n\n - There are relatively few scenarios in which crypt()\n could return NULL, but contrib/chkpass would crash if it\n did. One practical case in which this could be an issue\n is if libc is configured to refuse to execute unapproved\n hashing algorithms (e.g., 'FIPS mode'). 
(CVE-2014-0066)\n\n - Since the temporary server started by make check uses\n 'trust' authentication, another user on the same machine\n could connect to it as database superuser, and then\n potentially exploit the privileges of the\n operating-system user who started the tests. A future\n release will probably incorporate changes in the testing\n procedure to prevent this risk, but some public\n discussion is needed first. So for the moment, just warn\n people against using make check when there are untrusted\n users on the same machine. (CVE-2014-0067)\n\nThe complete list of bugs and more information can be found at:\nhttp://www.postgresql.org/docs/9.1/static/release-9-1-12.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0060.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0061.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2014-0063.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0064.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0065.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0066.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0067.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8970.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpq5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql91\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql91-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql91-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql91-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libecpg6-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"libpq5-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"postgresql91-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"postgresql91-docs-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libecpg6-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libpq5-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"libpq5-32bit-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"postgresql91-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"postgresql91-docs-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"libecpg6-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, 
reference:\"libpq5-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"postgresql91-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"postgresql91-contrib-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"postgresql91-docs-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"postgresql91-server-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"libpq5-32bit-9.1.12-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"libpq5-32bit-9.1.12-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:51:20", "bulletinFamily": "scanner", "description": "Various vulnerabilities were discovered in PostgreSQL :\n\n - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION\n restrictions (Noah Misch)\n Granting a role without ADMIN OPTION is supposed to\n prevent the grantee from adding or removing members from\n the granted role, but this restriction was easily\n bypassed by doing SET ROLE first. The security impact is\n mostly that a role member can revoke the access of\n others, contrary to the wishes of his grantor.\n Unapproved role member additions are a lesser concern,\n since an uncooperative role member could provide most of\n his rights to others anyway by creating views or\n SECURITY DEFINER functions.\n\n - CVE-2014-0061 Prevent privilege escalation via manual\n calls to PL validator functions (Andres Freund)\n\n The primary role of PL validator functions is to be\n called implicitly during CREATE FUNCTION, but they are\n also normal SQL functions that a user can call\n explicitly. 
Calling a validator on a function actually\n written in some other language was not checked for and\n could be exploited for privilege-escalation purposes.\n The fix involves adding a call to a privilege-checking\n function in each validator function. Non-core procedural\n languages will also need to make this change to their\n own validator functions, if any.\n\n - CVE-2014-0062 Avoid multiple name lookups during table\n and index DDL (Robert Haas, Andres Freund)\n\n If the name lookups come to different conclusions due to\n concurrent activity, we might perform some parts of the\n DDL on a different table than other parts. At least in\n the case of CREATE INDEX, this can be used to cause the\n permissions checks to be performed against a different\n table than the index creation, allowing for a privilege\n escalation attack.\n\n - CVE-2014-0063 Prevent buffer overrun with long datetime\n strings (Noah Misch)\n\n The MAXDATELEN constant was too small for the longest\n possible value of type interval, allowing a buffer\n overrun in interval_out(). Although the datetime input\n functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to\n reject some valid inputs, such as input containing a\n very long timezone name. The ecpg library contained\n these vulnerabilities along with some of its own.\n\n - CVE-2014-0064 CVE-2014-2669 Prevent buffer overrun due\n to integer overflow in size calculations (Noah Misch,\n Heikki Linnakangas)\n\n Several functions, mostly type input functions,\n calculated an allocation size without checking for\n overflow. 
If overflow did occur, a too-small buffer\n would be allocated and then written past.\n\n - CVE-2014-0065 Prevent overruns of fixed-size buffers\n (Peter Eisentraut, Jozef Mlich)\n\n Use strlcpy() and related functions to provide a clear\n guarantee that fixed-size buffers are not overrun.\n Unlike the preceding items, it is unclear whether these\n cases really represent live issues, since in most cases\n there appear to be previous constraints on the size of\n the input string. Nonetheless it seems prudent to\n silence all Coverity warnings of this type.\n\n - CVE-2014-0066 Avoid crashing if crypt() returns NULL\n (Honza Horak, Bruce Momjian)\n\n There are relatively few scenarios in which crypt()\n could return NULL, but contrib/chkpass would crash if it\n did. One practical case in which this could be an issue\n is if libc is configured to refuse to execute unapproved\n hashing algorithms (e.g., ", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-2865.NASL", "href": "https://www.tenable.com/plugins/nessus/72611", "published": "2014-02-21T00:00:00", "title": "Debian DSA-2865-1 : postgresql-9.1 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2865. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72611);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2019/07/15 14:20:29\");\n\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\", \"CVE-2014-2669\");\n script_bugtraq_id(65728);\n script_xref(name:\"DSA\", value:\"2865\");\n\n script_name(english:\"Debian DSA-2865-1 : postgresql-9.1 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various vulnerabilities were discovered in PostgreSQL :\n\n - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION\n restrictions (Noah Misch)\n Granting a role without ADMIN OPTION is supposed to\n prevent the grantee from adding or removing members from\n the granted role, but this restriction was easily\n bypassed by doing SET ROLE first. The security impact is\n mostly that a role member can revoke the access of\n others, contrary to the wishes of his grantor.\n Unapproved role member additions are a lesser concern,\n since an uncooperative role member could provide most of\n his rights to others anyway by creating views or\n SECURITY DEFINER functions.\n\n - CVE-2014-0061 Prevent privilege escalation via manual\n calls to PL validator functions (Andres Freund)\n\n The primary role of PL validator functions is to be\n called implicitly during CREATE FUNCTION, but they are\n also normal SQL functions that a user can call\n explicitly. 
Calling a validator on a function actually\n written in some other language was not checked for and\n could be exploited for privilege-escalation purposes.\n The fix involves adding a call to a privilege-checking\n function in each validator function. Non-core procedural\n languages will also need to make this change to their\n own validator functions, if any.\n\n - CVE-2014-0062 Avoid multiple name lookups during table\n and index DDL (Robert Haas, Andres Freund)\n\n If the name lookups come to different conclusions due to\n concurrent activity, we might perform some parts of the\n DDL on a different table than other parts. At least in\n the case of CREATE INDEX, this can be used to cause the\n permissions checks to be performed against a different\n table than the index creation, allowing for a privilege\n escalation attack.\n\n - CVE-2014-0063 Prevent buffer overrun with long datetime\n strings (Noah Misch)\n\n The MAXDATELEN constant was too small for the longest\n possible value of type interval, allowing a buffer\n overrun in interval_out(). Although the datetime input\n functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to\n reject some valid inputs, such as input containing a\n very long timezone name. The ecpg library contained\n these vulnerabilities along with some of its own.\n\n - CVE-2014-0064 CVE-2014-2669 Prevent buffer overrun due\n to integer overflow in size calculations (Noah Misch,\n Heikki Linnakangas)\n\n Several functions, mostly type input functions,\n calculated an allocation size without checking for\n overflow. 
If overflow did occur, a too-small buffer\n would be allocated and then written past.\n\n - CVE-2014-0065 Prevent overruns of fixed-size buffers\n (Peter Eisentraut, Jozef Mlich)\n\n Use strlcpy() and related functions to provide a clear\n guarantee that fixed-size buffers are not overrun.\n Unlike the preceding items, it is unclear whether these\n cases really represent live issues, since in most cases\n there appear to be previous constraints on the size of\n the input string. Nonetheless it seems prudent to\n silence all Coverity warnings of this type.\n\n - CVE-2014-0066 Avoid crashing if crypt() returns NULL\n (Honza Horak, Bruce Momjian)\n\n There are relatively few scenarios in which crypt()\n could return NULL, but contrib/chkpass would crash if it\n did. One practical case in which this could be an issue\n is if libc is configured to refuse to execute unapproved\n hashing algorithms (e.g., 'FIPS mode').\n\n - CVE-2014-0067 Document risks of make check in the\n regression testing instructions (Noah Misch, Tom Lane)\n\n Since the temporary server started by make check uses\n 'trust' authentication, another user on the same machine\n could connect to it as database superuser, and then\n potentially exploit the privileges of the\n operating-system user who started the tests. A future\n release will probably incorporate changes in the testing\n procedure to prevent this risk, but some public\n discussion is needed first. 
So for the moment, just warn\n people against using make check when there are untrusted\n users on the same machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-2669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/postgresql-9.1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2865\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the postgresql-9.1 packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 9.1_9.1.12-0wheezy1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libecpg-compat3\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libecpg-dev\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libecpg6\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpgtypes3\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpq-dev\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpq5\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-9.1\", 
reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-9.1-dbg\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-client-9.1\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-contrib-9.1\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-doc-9.1\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-plperl-9.1\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-plpython-9.1\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-plpython3-9.1\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-pltcl-9.1\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"postgresql-server-dev-9.1\", reference:\"9.1_9.1.12-0wheezy1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:51:20", "bulletinFamily": "scanner", "description": "Various vulnerabilities were discovered in PostgreSQL :\n\n - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION\n restrictions (Noah Misch)\n Granting a role without ADMIN OPTION is supposed to\n prevent the grantee from adding or removing members from\n the granted role, but this restriction was easily\n bypassed by doing SET ROLE first. 
The security impact is\n mostly that a role member can revoke the access of\n others, contrary to the wishes of his grantor.\n Unapproved role member additions are a lesser concern,\n since an uncooperative role member could provide most of\n his rights to others anyway by creating views or\n SECURITY DEFINER functions.\n\n - CVE-2014-0061 Prevent privilege escalation via manual\n calls to PL validator functions (Andres Freund)\n\n The primary role of PL validator functions is to be\n called implicitly during CREATE FUNCTION, but they are\n also normal SQL functions that a user can call\n explicitly. Calling a validator on a function actually\n written in some other language was not checked for and\n could be exploited for privilege-escalation purposes.\n The fix involves adding a call to a privilege-checking\n function in each validator function. Non-core procedural\n languages will also need to make this change to their\n own validator functions, if any.\n\n - CVE-2014-0062 Avoid multiple name lookups during table\n and index DDL (Robert Haas, Andres Freund)\n\n If the name lookups come to different conclusions due to\n concurrent activity, we might perform some parts of the\n DDL on a different table than other parts. At least in\n the case of CREATE INDEX, this can be used to cause the\n permissions checks to be performed against a different\n table than the index creation, allowing for a privilege\n escalation attack.\n\n - CVE-2014-0063 Prevent buffer overrun with long datetime\n strings (Noah Misch)\n\n The MAXDATELEN constant was too small for the longest\n possible value of type interval, allowing a buffer\n overrun in interval_out(). Although the datetime input\n functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to\n reject some valid inputs, such as input containing a\n very long timezone name. 
The ecpg library contained\n these vulnerabilities along with some of its own.\n\n - CVE-2014-0064 Prevent buffer overrun due to integer\n overflow in size calculations (Noah Misch, Heikki\n Linnakangas)\n\n Several functions, mostly type input functions,\n calculated an allocation size without checking for\n overflow. If overflow did occur, a too-small buffer\n would be allocated and then written past.\n\n - CVE-2014-0065 Prevent overruns of fixed-size buffers\n (Peter Eisentraut, Jozef Mlich)\n\n Use strlcpy() and related functions to provide a clear\n guarantee that fixed-size buffers are not overrun.\n Unlike the preceding items, it is unclear whether these\n cases really represent live issues, since in most cases\n there appear to be previous constraints on the size of\n the input string. Nonetheless it seems prudent to\n silence all Coverity warnings of this type.\n\n - CVE-2014-0066 Avoid crashing if crypt() returns NULL\n (Honza Horak, Bruce Momjian)\n\n There are relatively few scenarios in which crypt()\n could return NULL, but contrib/chkpass would crash if it\n did. One practical case in which this could be an issue\n is if libc is configured to refuse to execute unapproved\n hashing algorithms (e.g., ", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-2864.NASL", "href": "https://www.tenable.com/plugins/nessus/72610", "published": "2014-02-21T00:00:00", "title": "Debian DSA-2864-1 : postgresql-8.4 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2864. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72610);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/07/15 14:20:29\");\n\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n script_bugtraq_id(65728);\n script_xref(name:\"DSA\", value:\"2864\");\n\n script_name(english:\"Debian DSA-2864-1 : postgresql-8.4 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various vulnerabilities were discovered in PostgreSQL :\n\n - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION\n restrictions (Noah Misch)\n Granting a role without ADMIN OPTION is supposed to\n prevent the grantee from adding or removing members from\n the granted role, but this restriction was easily\n bypassed by doing SET ROLE first. The security impact is\n mostly that a role member can revoke the access of\n others, contrary to the wishes of his grantor.\n Unapproved role member additions are a lesser concern,\n since an uncooperative role member could provide most of\n his rights to others anyway by creating views or\n SECURITY DEFINER functions.\n\n - CVE-2014-0061 Prevent privilege escalation via manual\n calls to PL validator functions (Andres Freund)\n\n The primary role of PL validator functions is to be\n called implicitly during CREATE FUNCTION, but they are\n also normal SQL functions that a user can call\n explicitly. 
Calling a validator on a function actually\n written in some other language was not checked for and\n could be exploited for privilege-escalation purposes.\n The fix involves adding a call to a privilege-checking\n function in each validator function. Non-core procedural\n languages will also need to make this change to their\n own validator functions, if any.\n\n - CVE-2014-0062 Avoid multiple name lookups during table\n and index DDL (Robert Haas, Andres Freund)\n\n If the name lookups come to different conclusions due to\n concurrent activity, we might perform some parts of the\n DDL on a different table than other parts. At least in\n the case of CREATE INDEX, this can be used to cause the\n permissions checks to be performed against a different\n table than the index creation, allowing for a privilege\n escalation attack.\n\n - CVE-2014-0063 Prevent buffer overrun with long datetime\n strings (Noah Misch)\n\n The MAXDATELEN constant was too small for the longest\n possible value of type interval, allowing a buffer\n overrun in interval_out(). Although the datetime input\n functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to\n reject some valid inputs, such as input containing a\n very long timezone name. The ecpg library contained\n these vulnerabilities along with some of its own.\n\n - CVE-2014-0064 Prevent buffer overrun due to integer\n overflow in size calculations (Noah Misch, Heikki\n Linnakangas)\n\n Several functions, mostly type input functions,\n calculated an allocation size without checking for\n overflow. 
If overflow did occur, a too-small buffer\n would be allocated and then written past.\n\n - CVE-2014-0065 Prevent overruns of fixed-size buffers\n (Peter Eisentraut, Jozef Mlich)\n\n Use strlcpy() and related functions to provide a clear\n guarantee that fixed-size buffers are not overrun.\n Unlike the preceding items, it is unclear whether these\n cases really represent live issues, since in most cases\n there appear to be previous constraints on the size of\n the input string. Nonetheless it seems prudent to\n silence all Coverity warnings of this type.\n\n - CVE-2014-0066 Avoid crashing if crypt() returns NULL\n (Honza Horak, Bruce Momjian)\n\n There are relatively few scenarios in which crypt()\n could return NULL, but contrib/chkpass would crash if it\n did. One practical case in which this could be an issue\n is if libc is configured to refuse to execute unapproved\n hashing algorithms (e.g., 'FIPS mode').\n\n - CVE-2014-0067 Document risks of make check in the\n regression testing instructions (Noah Misch, Tom Lane)\n\n Since the temporary server started by make check uses\n 'trust' authentication, another user on the same machine\n could connect to it as database superuser, and then\n potentially exploit the privileges of the\n operating-system user who started the tests. A future\n release will probably incorporate changes in the testing\n procedure to prevent this risk, but some public\n discussion is needed first. 
So for the moment, just warn\n people against using make check when there are untrusted\n users on the same machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/postgresql-8.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2864\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the postgresql-8.4 packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 8.4.20-0squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libecpg-compat3\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg-dev\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libecpg6\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpgtypes3\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpq-dev\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libpq5\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-8.4\", reference:\"8.4.20-0squeeze1\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"postgresql-client\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-client-8.4\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-contrib\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-contrib-8.4\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-doc\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-doc-8.4\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-plperl-8.4\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-plpython-8.4\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-pltcl-8.4\", reference:\"8.4.20-0squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"postgresql-server-dev-8.4\", reference:\"8.4.20-0squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T08:05:57", "bulletinFamily": "scanner", "description": "Updated postgresql packages fix multiple security vulnerabilities :\n\nGranting a role without ADMIN OPTION is supposed to prevent the\ngrantee from adding or removing members from the granted role, but\nthis restriction was easily bypassed by doing SET ROLE first. The\nsecurity impact is mostly that a role member can revoke the access of\nothers, contrary to the wishes of his grantor. 
Unapproved role member\nadditions are a lesser concern, since an uncooperative role member\ncould provide most of his rights to others anyway by creating views or\nSECURITY DEFINER functions (CVE-2014-0060).\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any (CVE-2014-0061).\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. At least in the case of CREATE INDEX, this can be\nused to cause the permissions checks to be performed against a\ndifferent table than the index creation, allowing for a privilege\nescalation attack (CVE-2014-0062).\n\nThe MAXDATELEN constant was too small for the longest possible value\nof type interval, allowing a buffer overrun in interval_out().\nAlthough the datetime input functions were more careful about avoiding\nbuffer overrun, the limit was short enough to cause them to reject\nsome valid inputs, such as input containing a very long timezone name.\nThe ecpg library contained these vulnerabilities along with some of\nits own (CVE-2014-0063).\n\nSeveral functions, mostly type input functions, calculated an\nallocation size without checking for overflow. If overflow did occur,\na too-small buffer would be allocated and then written past\n(CVE-2014-0064).\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. 
Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in\nmost cases there appear to be previous constraints on the size of the\ninput string. Nonetheless it seems prudent to silence all Coverity\nwarnings of this type (CVE-2014-0065).\n\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066).\n\nSince the temporary server started by make check uses trust\nauthentication, another user on the same machine could connect to it\nas database superuser, and then potentially exploit the privileges of\nthe operating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. So for the moment,\njust warn people against using make check when there are untrusted\nusers on the same machine (CVE-2014-0067).\n\nA user with limited clearance on a table might have access to\ninformation in columns they lack SELECT rights on, through server error\nmessages (CVE-2014-8161).\n\nThe function to_char() might read/write past the end of a buffer. 
This\nmight crash the server when a formatting template is processed\n(CVE-2015-0241).\n\nThe pgcrypto module is vulnerable to stack buffer overrun that might\ncrash the server (CVE-2015-0243).\n\nEmil Lenngren reported that an attacker can inject SQL commands when\nthe synchronization between client and server is lost (CVE-2015-0244).\n\nThis update provides PostgreSQL versions 9.3.6 and 9.2.10 that fix\nthese issues, as well as several others.", "modified": "2019-12-02T00:00:00", "id": "MANDRIVA_MDVSA-2015-110.NASL", "href": "https://www.tenable.com/plugins/nessus/82363", "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : postgresql (MDVSA-2015:110)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:110. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82363);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/08/02 13:32:56\");\n\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\", \"CVE-2014-8161\", \"CVE-2015-0241\", \"CVE-2015-0242\", \"CVE-2015-0243\", \"CVE-2015-0244\");\n script_xref(name:\"MDVSA\", value:\"2015:110\");\n\n script_name(english:\"Mandriva Linux Security Advisory : postgresql (MDVSA-2015:110)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages fix multiple security vulnerabilities :\n\nGranting a role without ADMIN OPTION is supposed to prevent 
the\ngrantee from adding or removing members from the granted role, but\nthis restriction was easily bypassed by doing SET ROLE first. The\nsecurity impact is mostly that a role member can revoke the access of\nothers, contrary to the wishes of his grantor. Unapproved role member\nadditions are a lesser concern, since an uncooperative role member\ncould provide most of his rights to others anyway by creating views or\nSECURITY DEFINER functions (CVE-2014-0060).\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any (CVE-2014-0061).\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. At least in the case of CREATE INDEX, this can be\nused to cause the permissions checks to be performed against a\ndifferent table than the index creation, allowing for a privilege\nescalation attack (CVE-2014-0062).\n\nThe MAXDATELEN constant was too small for the longest possible value\nof type interval, allowing a buffer overrun in interval_out().\nAlthough the datetime input functions were more careful about avoiding\nbuffer overrun, the limit was short enough to cause them to reject\nsome valid inputs, such as input containing a very long timezone name.\nThe ecpg library contained these vulnerabilities along with some of\nits own (CVE-2014-0063).\n\nSeveral functions, mostly type input functions, calculated an\nallocation size without checking for overflow. 
If overflow did occur,\na too-small buffer would be allocated and then written past\n(CVE-2014-0064).\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in\nmost cases there appear to be previous constraints on the size of the\ninput string. Nonetheless it seems prudent to silence all Coverity\nwarnings of this type (CVE-2014-0065).\n\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066).\n\nSince the temporary server started by make check uses trust\nauthentication, another user on the same machine could connect to it\nas database superuser, and then potentially exploit the privileges of\nthe operating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. So for the moment,\njust warn people against using make check when there are untrusted\nusers on the same machine (CVE-2014-0067).\n\nA user with limited clearance on a table might have access to\ninformation in columns without SELECT rights on through server error\nmessages (CVE-2014-8161).\n\nThe function to_char() might read/write past the end of a buffer. 
This\nmight crash the server when a formatting template is processed\n(CVE-2015-0241).\n\nThe pgcrypto module is vulnerable to stack buffer overrun that might\ncrash the server (CVE-2015-0243).\n\nEmil Lenngren reported that an attacker can inject SQL commands when\nthe synchronization between client and server is lost (CVE-2015-0244).\n\nThis update provides PostgreSQL versions 9.3.6 and 9.2.10 that fix\nthese issues, as well as several others.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0205.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0069.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg9.2_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg9.3_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq9.2_5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq9.3_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-plpgsql\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.2-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.3-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64ecpg9.2_6-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64ecpg9.3_6-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64pq9.2_5.5-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64pq9.3_5-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-contrib-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-devel-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"postgresql9.2-docs-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-pl-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-plperl-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-plpgsql-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-plpython-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-pltcl-9.2.10-1.mbs2\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.2-server-9.2.10-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-contrib-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-devel-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"postgresql9.3-docs-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-pl-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-plperl-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-plpgsql-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-plpython-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-pltcl-9.3.6-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"postgresql9.3-server-9.3.6-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120168", "title": "Amazon Linux Local Check: ALAS-2015-492", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-492.nasl 6575 2017-07-06 13:42:08Z 
cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120168\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:19:03 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-492\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in PostgreSQL. 
Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update postgresql92 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-492.html\");\n script_cve_id(\"CVE-2015-0244\", \"CVE-2014-8161\", \"CVE-2015-0241\", \"CVE-2015-0243\", \"CVE-2015-0242\", \"CVE-2014-0067\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"postgresql92-test\", rpm:\"postgresql92-test~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-libs\", rpm:\"postgresql92-libs~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-docs\", rpm:\"postgresql92-docs~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-plperl\", rpm:\"postgresql92-plperl~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-debuginfo\", rpm:\"postgresql92-debuginfo~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = 
isrpmvuln(pkg:\"postgresql92-plpython\", rpm:\"postgresql92-plpython~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-devel\", rpm:\"postgresql92-devel~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-server\", rpm:\"postgresql92-server~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-pltcl\", rpm:\"postgresql92-pltcl~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-contrib\", rpm:\"postgresql92-contrib~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92-server-compat\", rpm:\"postgresql92-server-compat~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"postgresql92\", rpm:\"postgresql92~9.2.10~1.49.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:27", "bulletinFamily": "scanner", "description": "Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. 
Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nDescription truncated. Please see the references for more information.", "modified": "2019-03-19T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310702865", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702865", "title": "Debian Security Advisory DSA 2865-1 (postgresql-9.1 - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2865.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2865-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702865\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n script_name(\"Debian Security Advisory DSA 2865-1 (postgresql-9.1 - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 00:00:00 +0100 (Thu, 20 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2865.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"postgresql-9.1 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 9.1_9.1.12-0wheezy1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.3.3-1 of the postgresql-9.3 package.\n\nWe recommend that you upgrade your postgresql-9.1 packages.\");\n script_tag(name:\"summary\", value:\"Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... 
WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpq5\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-9.1-dbg\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-client-9.1\", 
ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-contrib-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-doc-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-plperl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-plpython-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-plpython3-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-pltcl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-server-dev-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-08-02T10:49:03", "bulletinFamily": "scanner", "description": "Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. 
Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nCVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions\n(Andres Freund)\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any.\n\nCVE-2014-0062 Avoid multiple name lookups during table and index DDL\n(Robert Haas, Andres Freund)\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. At least in the case of CREATE INDEX, this can be used\nto cause the permissions checks to be performed against a different\ntable than the index creation, allowing for a privilege escalation\nattack.\n\nCVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch)\n\nThe MAXDATELEN constant was too small for the longest possible value of\ntype interval, allowing a buffer overrun in interval_out(). Although the\ndatetime input functions were more careful about avoiding buffer\noverrun, the limit was short enough to cause them to reject some valid\ninputs, such as input containing a very long timezone name. 
The ecpg\nlibrary contained these vulnerabilities along with some of its own.\n\nCVE-2014-0064 Prevent buffer overrun due to integer overflow in size calculations\n(Noah Misch, Heikki Linnakangas)\n\nSeveral functions, mostly type input functions, calculated an allocation\nsize without checking for overflow. If overflow did occur, a too-small\nbuffer would be allocated and then written past.\n\nCVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in most\ncases there appear to be previous constraints on the size of the input\nstring. Nonetheless it seems prudent to silence all Coverity warnings of\nthis type.\n\nCVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\n\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode).\n\nCVE-2014-0067 Document risks of make check in the regression testing instructions\n(Noah Misch, Tom Lane)\n\nSince the temporary server started by make check uses trust\nauthentication, another user on the same machine could connect to it as\ndatabase superuser, and then potentially exploit the privileges of the\noperating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first.
So for the moment,\njust warn people against using make check when there are untrusted users\non the same machine.", "modified": "2017-07-18T00:00:00", "published": "2014-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702864", "id": "OPENVAS:702864", "title": "Debian Security Advisory DSA 2864-1 (postgresql-8.4 - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2864.nasl 6750 2017-07-18 09:56:47Z teissa $\n# Auto-generated from advisory DSA 2864-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"postgresql-8.4 on Debian Linux\";\ntag_insight = \"PostgreSQL is a fully featured object-relational database management\nsystem. It supports a large part of the SQL standard and is designed\nto be extensible by users in many aspects. Some of the features are:\nACID transactions, foreign keys, views, sequences, subqueries,\ntriggers, user-defined types and functions, outer joins, multiversion\nconcurrency control. 
Graphical user interfaces and bindings for many\nprogramming languages are available as well.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 8.4.20-0squeeze1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.3.3-1 of the postgresql-9.3 package.\n\nWe recommend that you upgrade your postgresql-8.4 packages.\";\ntag_summary = \"Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nCVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions\n(Andres Freund)\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any.\n\nCVE-2014-0062 Avoid multiple name lookups during table and index DDL\n(Robert Haas, Andres Freund)\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. 
At least in the case of CREATE INDEX, this can be used\nto cause the permissions checks to be performed against a different\ntable than the index creation, allowing for a privilege escalation\nattack.\n\nCVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch)\n\nThe MAXDATELEN constant was too small for the longest possible value of\ntype interval, allowing a buffer overrun in interval_out(). Although the\ndatetime input functions were more careful about avoiding buffer\noverrun, the limit was short enough to cause them to reject some valid\ninputs, such as input containing a very long timezone name. The ecpg\nlibrary contained these vulnerabilities along with some of its own.\n\nCVE-2014-0064 Prevent buffer overrun due to integer overflow in size calculations\n(Noah Misch, Heikki Linnakangas)\n\nSeveral functions, mostly type input functions, calculated an allocation\nsize without checking for overflow. If overflow did occur, a too-small\nbuffer would be allocated and then written past.\n\nCVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in most\ncases there appear to be previous constraints on the size of the input\nstring. Nonetheless it seems prudent to silence all Coverity warnings of\nthis type.\n\nCVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. 
One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode \n).\n\nCVE-2014-0067 Document risks of make check in the regression testing instructions\n(Noah Misch, Tom Lane)\nSince the temporary server started by make check uses trust \n\nauthentication, another user on the same machine could connect to it as\ndatabase superuser, and then potentially exploit the privileges of the\noperating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. So for the moment,\njust warn people against using make check when there are untrusted users\non the same machine.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702864);\n script_version(\"$Revision: 6750 $\");\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n script_name(\"Debian Security Advisory DSA 2864-1 (postgresql-8.4 - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-18 11:56:47 +0200 (Tue, 18 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-02-20 00:00:00 +0100 (Thu, 20 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2864.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", 
value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "scanner", "description": "Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nDescription truncated. 
Please see the references for more information.", "modified": "2019-03-18T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310702864", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702864", "title": "Debian Security Advisory DSA 2864-1 (postgresql-8.4 - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2864.nasl 14277 2019-03-18 14:45:38Z cfischer $\n# Auto-generated from advisory DSA 2864-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702864\");\n script_version(\"$Revision: 14277 $\");\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n script_name(\"Debian Security Advisory DSA 2864-1 (postgresql-8.4 - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:45:38 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 00:00:00 +0100 (Thu, 20 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2864.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_tag(name:\"affected\", value:\"postgresql-8.4 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 8.4.20-0squeeze1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.3.3-1 of the postgresql-9.3 package.\n\nWe recommend that you upgrade your postgresql-8.4 packages.\");\n script_tag(name:\"summary\", value:\"Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... 
WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) 
{\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-client-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-contrib-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-doc-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-plperl-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-plpython-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.4\", ver:\"8.4.20-0squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-08-01T10:48:38", "bulletinFamily": "scanner", "description": "Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. 
Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nCVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions\n(Andres Freund)\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any.\n\nCVE-2014-0062 Avoid multiple name lookups during table and index DDL\n(Robert Haas, Andres Freund)\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. At least in the case of CREATE INDEX, this can be used\nto cause the permissions checks to be performed against a different\ntable than the index creation, allowing for a privilege escalation\nattack.\n\nCVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch)\n\nThe MAXDATELEN constant was too small for the longest possible value of\ntype interval, allowing a buffer overrun in interval_out(). Although the\ndatetime input functions were more careful about avoiding buffer\noverrun, the limit was short enough to cause them to reject some valid\ninputs, such as input containing a very long timezone name. 
The ecpg\nlibrary contained these vulnerabilities along with some of its own.\n\nCVE-2014-0064 Prevent buffer overrun due to integer overflow in size calculations\n(Noah Misch, Heikki Linnakangas)\n\nSeveral functions, mostly type input functions, calculated an allocation\nsize without checking for overflow. If overflow did occur, a too-small\nbuffer would be allocated and then written past.\n\nCVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in most\ncases there appear to be previous constraints on the size of the input\nstring. Nonetheless it seems prudent to silence all Coverity warnings of\nthis type.\n\nCVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode).\n\nCVE-2014-0067 Document risks of make check in the regression testing instructions\n(Noah Misch, Tom Lane)\nSince the temporary server started by make check uses trust\nauthentication, another user on the same machine could connect to it as\ndatabase superuser, and then potentially exploit the privileges of the\noperating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. 
So for the moment,\njust warn people against using make check when there are untrusted users\non the same machine.", "modified": "2017-07-17T00:00:00", "published": "2014-02-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702865", "id": "OPENVAS:702865", "title": "Debian Security Advisory DSA 2865-1 (postgresql-9.1 - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2865.nasl 6735 2017-07-17 09:56:49Z teissa $\n# Auto-generated from advisory DSA 2865-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"postgresql-9.1 on Debian Linux\";\ntag_insight = \"PostgreSQL is a fully featured object-relational database management\nsystem. It supports a large part of the SQL standard and is designed\nto be extensible by users in many aspects. Some of the features are:\nACID transactions, foreign keys, views, sequences, subqueries,\ntriggers, user-defined types and functions, outer joins, multiversion\nconcurrency control. 
Graphical user interfaces and bindings for many\nprogramming languages are available as well.\";\ntag_solution = \"For the stable distribution (wheezy), these problems have been fixed in\nversion 9.1_9.1.12-0wheezy1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.3.3-1 of the postgresql-9.3 package.\n\nWe recommend that you upgrade your postgresql-9.1 packages.\";\ntag_summary = \"Various vulnerabilities were discovered in PostgreSQL:\n\nCVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n\nGranting a role without ADMIN OPTION is supposed to prevent the grantee\nfrom adding or removing members from the granted role, but this\nrestriction was easily bypassed by doing SET ROLE first. The security\nimpact is mostly that a role member can revoke the access of others,\ncontrary to the wishes of his grantor. Unapproved role member additions\nare a lesser concern, since an uncooperative role member could provide\nmost of his rights to others anyway by creating views or SECURITY\nDEFINER functions.\n\nCVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions\n(Andres Freund)\n\nThe primary role of PL validator functions is to be called implicitly\nduring CREATE FUNCTION, but they are also normal SQL functions that a\nuser can call explicitly. Calling a validator on a function actually\nwritten in some other language was not checked for and could be\nexploited for privilege-escalation purposes. The fix involves adding a\ncall to a privilege-checking function in each validator function.\nNon-core procedural languages will also need to make this change to\ntheir own validator functions, if any.\n\nCVE-2014-0062 Avoid multiple name lookups during table and index DDL\n(Robert Haas, Andres Freund)\n\nIf the name lookups come to different conclusions due to concurrent\nactivity, we might perform some parts of the DDL on a different table\nthan other parts. 
At least in the case of CREATE INDEX, this can be used\nto cause the permissions checks to be performed against a different\ntable than the index creation, allowing for a privilege escalation\nattack.\n\nCVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch)\n\nThe MAXDATELEN constant was too small for the longest possible value of\ntype interval, allowing a buffer overrun in interval_out(). Although the\ndatetime input functions were more careful about avoiding buffer\noverrun, the limit was short enough to cause them to reject some valid\ninputs, such as input containing a very long timezone name. The ecpg\nlibrary contained these vulnerabilities along with some of its own.\n\nCVE-2014-0064 Prevent buffer overrun due to integer overflow in size calculations\n(Noah Misch, Heikki Linnakangas)\n\nSeveral functions, mostly type input functions, calculated an allocation\nsize without checking for overflow. If overflow did occur, a too-small\nbuffer would be allocated and then written past.\n\nCVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n\nUse strlcpy() and related functions to provide a clear guarantee that\nfixed-size buffers are not overrun. Unlike the preceding items, it is\nunclear whether these cases really represent live issues, since in most\ncases there appear to be previous constraints on the size of the input\nstring. Nonetheless it seems prudent to silence all Coverity warnings of\nthis type.\n\nCVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\nThere are relatively few scenarios in which crypt() could return NULL,\nbut contrib/chkpass would crash if it did. 
One practical case in which\nthis could be an issue is if libc is configured to refuse to execute\nunapproved hashing algorithms (e.g., FIPS mode \n).\n\nCVE-2014-0067 Document risks of make check in the regression testing instructions\n(Noah Misch, Tom Lane)\nSince the temporary server started by make check uses trust \n\nauthentication, another user on the same machine could connect to it as\ndatabase superuser, and then potentially exploit the privileges of the\noperating-system user who started the tests. A future release will\nprobably incorporate changes in the testing procedure to prevent this\nrisk, but some public discussion is needed first. So for the moment,\njust warn people against using make check when there are untrusted users\non the same machine.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702865);\n script_version(\"$Revision: 6735 $\");\n script_cve_id(\"CVE-2014-0060\", \"CVE-2014-0061\", \"CVE-2014-0062\", \"CVE-2014-0063\", \"CVE-2014-0064\", \"CVE-2014-0065\", \"CVE-2014-0066\", \"CVE-2014-0067\");\n script_name(\"Debian Security Advisory DSA 2865-1 (postgresql-9.1 - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-17 11:56:49 +0200 (Mon, 17 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-02-20 00:00:00 +0100 (Thu, 20 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2865.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", 
value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-9.1-dbg\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report 
+= res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython3-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-9.1-dbg\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", 
rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython3-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-9.1-dbg\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-9.1\", 
ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython3-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-9.1-dbg\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"postgresql-plperl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython3-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-9.1\", ver:\"9.1_9.1.12-0wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2019-05-29T17:22:44", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL. ([CVE-2015-0241 __](<https://access.redhat.com/security/cve/CVE-2015-0241>))\n\nA buffer overflow flaw was found in the PostgreSQL's internal printf() implementation. An authenticated database user could use a specially crafted string in an SQL query to cause PostgreSQL to crash or, potentially, lead to privilege escalation. ([CVE-2015-0242 __](<https://access.redhat.com/security/cve/CVE-2015-0242>))\n\nA stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. 
([CVE-2015-0243 __](<https://access.redhat.com/security/cve/CVE-2015-0243>))\n\nA flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection. ([CVE-2015-0244 __](<https://access.redhat.com/security/cve/CVE-2015-0244>))\n\nThe \"make check\" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. ([CVE-2014-0067 __](<https://access.redhat.com/security/cve/CVE-2014-0067>))\n\nAn information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. 
([CVE-2014-8161 __](<https://access.redhat.com/security/cve/CVE-2014-8161>))\n\n \n**Affected Packages:** \n\n\npostgresql92\n\n \n**Issue Correction:** \nRun _yum update postgresql92_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n postgresql92-test-9.2.10-1.49.amzn1.i686 \n postgresql92-libs-9.2.10-1.49.amzn1.i686 \n postgresql92-docs-9.2.10-1.49.amzn1.i686 \n postgresql92-plperl-9.2.10-1.49.amzn1.i686 \n postgresql92-debuginfo-9.2.10-1.49.amzn1.i686 \n postgresql92-plpython-9.2.10-1.49.amzn1.i686 \n postgresql92-devel-9.2.10-1.49.amzn1.i686 \n postgresql92-server-9.2.10-1.49.amzn1.i686 \n postgresql92-pltcl-9.2.10-1.49.amzn1.i686 \n postgresql92-contrib-9.2.10-1.49.amzn1.i686 \n postgresql92-server-compat-9.2.10-1.49.amzn1.i686 \n postgresql92-9.2.10-1.49.amzn1.i686 \n \n src: \n postgresql92-9.2.10-1.49.amzn1.src \n \n x86_64: \n postgresql92-server-compat-9.2.10-1.49.amzn1.x86_64 \n postgresql92-test-9.2.10-1.49.amzn1.x86_64 \n postgresql92-devel-9.2.10-1.49.amzn1.x86_64 \n postgresql92-docs-9.2.10-1.49.amzn1.x86_64 \n postgresql92-pltcl-9.2.10-1.49.amzn1.x86_64 \n postgresql92-9.2.10-1.49.amzn1.x86_64 \n postgresql92-contrib-9.2.10-1.49.amzn1.x86_64 \n postgresql92-debuginfo-9.2.10-1.49.amzn1.x86_64 \n postgresql92-libs-9.2.10-1.49.amzn1.x86_64 \n postgresql92-server-9.2.10-1.49.amzn1.x86_64 \n postgresql92-plpython-9.2.10-1.49.amzn1.x86_64 \n postgresql92-plperl-9.2.10-1.49.amzn1.x86_64 \n \n \n", "modified": "2015-03-13T02:49:00", "published": "2015-03-13T02:49:00", "id": "ALAS-2015-492", "href": "https://alas.aws.amazon.com/ALAS-2015-492.html", "title": "Medium: postgresql92", "type": "amazon", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:30", "bulletinFamily": "unix", "description": "\nPostgreSQL Project reports:\n\nThis update fixes CVE-2014-0060, in which PostgreSQL did not\n\t properly enforce the WITH ADMIN OPTION permission for ROLE management.\n\t Before this fix, 
any member of a ROLE was able to grant others access\n\t to the same ROLE regardless if the member was given the WITH ADMIN\n\t OPTION permission. It also fixes multiple privilege escalation issues,\n\t including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,\n\t CVE-2014-0065, and CVE-2014-0066. More information on these issues can\n\t be found on our security page and the security issue detail wiki page.\n\t \n\n\t With this release, we are also alerting users to a known security hole\n\t that allows other users on the same machine to gain access to an\n\t operating system account while it is doing \"make check\":\n\t CVE-2014-0067. \"Make check\" is normally part of building PostgreSQL\n\t from source code. As it is not possible to fix this issue without\n\t causing significant issues to our testing infrastructure, a patch will\n\t be released separately and publicly. Until then, users are strongly\n\t advised not to run \"make check\" on machines where untrusted users have\n\t accounts.\n\n", "modified": "2014-02-20T00:00:00", "published": "2014-02-20T00:00:00", "id": "42D42090-9A4D-11E3-B029-08002798F6FF", "href": "https://vuxml.freebsd.org/freebsd/42d42090-9a4d-11e3-b029-08002798f6ff.html", "title": "PostgreSQL -- multiple privilege issues", "type": "freebsd", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "DoS, privilege escalations, memory corruptions.", "modified": "2014-02-28T00:00:00", "published": "2014-02-28T00:00:00", "id": "SECURITYVULNS:VULN:13584", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13584", "title": "PostgreSQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X 
Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. 
This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. 
This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. 
This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. 
These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. 
These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. 
This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. 
This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. 
This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. 
These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. 
This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. 
These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. 
This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. 
The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. 
These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump versions prior\r\nto 4.7.3, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Over 150 different vulnerabilities in system components and libraries.", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}