Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310841385HistoryApr 05, 2013 - 12:00 a.m.
Ubuntu: Security Advisory (USN-1789-1)
2013-04-0500:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
15
7.5 High
AI Score
Confidence
High
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.841385");
script_cve_id("CVE-2013-1899", "CVE-2013-1900", "CVE-2013-1901");
script_tag(name:"creation_date", value:"2013-04-05 08:21:38 +0000 (Fri, 05 Apr 2013)");
script_version("2024-02-02T05:06:04+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"8.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:C/I:C/A:C");
script_name("Ubuntu: Security Advisory (USN-1789-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.04\ LTS|11\.10|12\.04\ LTS|12\.10|8\.04\ LTS)");
script_xref(name:"Advisory-ID", value:"USN-1789-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-1789-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'postgresql-8.3, postgresql-8.4, postgresql-9.1' package(s) announced via the USN-1789-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL
incorrectly handled certain connection requests containing database names
starting with a dash. A remote attacker could use this flaw to damage or
destroy files within a server's data directory. This issue only applied to
Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1899)
Marko Kreen discovered that PostgreSQL incorrectly generated random
numbers. An authenticated attacker could use this flaw to possibly guess
another database user's random numbers. (CVE-2013-1900)
Noah Misch discovered that PostgreSQL incorrectly handled certain privilege
checks. An unprivileged attacker could use this flaw to possibly interfere
with in-progress backups. This issue only applied to Ubuntu 11.10,
Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1901)");
script_tag(name:"affected", value:"'postgresql-8.3, postgresql-8.4, postgresql-9.1' package(s) on Ubuntu 8.04, Ubuntu 10.04, Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU10.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"postgresql-8.4", ver:"8.4.17-0ubuntu10.04", rls:"UBUNTU10.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU11.10") {
if(!isnull(res = isdpkgvuln(pkg:"postgresql-9.1", ver:"9.1.9-0ubuntu11.10", rls:"UBUNTU11.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU12.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"postgresql-9.1", ver:"9.1.9-0ubuntu12.04", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU12.10") {
if(!isnull(res = isdpkgvuln(pkg:"postgresql-9.1", ver:"9.1.9-0ubuntu12.10", rls:"UBUNTU12.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU8.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"postgresql-8.3", ver:"8.3.23-0ubuntu8.04.1", rls:"UBUNTU8.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Amazon Linux AMI : postgresql9 (ALAS-2013-178)
2013-09-04 00:00:00
Debian DSA-2657-1 : postgresql-8.4 - guessable random numbers
2013-04-05 00:00:00
openSUSE Security Update : postgresql91 (openSUSE-SU-2013:0627-1)
2014-06-13 00:00:00
debian
debian
[BSA-080] Security Update for postgresql-9.1
2013-04-08 08:27:20
[SECURITY] [DSA 2657-1] postgresql-8.4 security update
2013-04-04 13:47:32
[SECURITY] [DSA 2658-1] postgresql-9.1 security update
2013-04-04 14:06:41
openvas
openvas
Ubuntu Update for postgresql-9.1 USN-1789-1
2013-04-05 00:00:00
securityvulns
securityvulns
PostgreSQL multiple security vulnerabilities
2013-04-08 00:00:00
[USN-1789-1] PostgreSQL vulnerabilities
2013-04-08 00:00:00
ESA-2013-040: RSAยฎ Authentication Manager 8.0 Multiple Vulnerabilities
2013-06-04 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2013-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: postgresql-9.2.4-1.fc19
2013-04-20 19:59:46
[SECURITY] Fedora 18 Update: postgresql-9.2.4-1.fc18
2013-04-05 22:59:41
[SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17
2013-04-05 23:11:53
amazon
amazon
Critical: postgresql9
2013-04-04 11:49:00
Medium: postgresql8
2013-11-03 12:09:00
suse
suse
postgresql: security and bugfix update to 9.0.13 (important)
2013-04-08 07:04:30
postgresql91 to version 9.1.9. (important)
2013-04-05 10:04:26
Security update for PostgreSQL (important)
2013-04-23 22:04:36
osv
osv
postgresql-9.1 - several
2013-04-04 00:00:00
postgresql-8.4 - guessable random numbers
2013-04-04 00:00:00
freebsd
freebsd
PostgreSQL -- anonymous remote access data corruption vulnerability
2013-04-04 00:00:00
vmware
vmware
VMware vFabric Postgres security updates
2013-04-04 00:00:00
checkpoint_advisories
checkpoint_advisories
PostgreSQL Database Name Command Line Flag Injection (CVE-2013-1899)
2013-11-18 00:00:00
ubuntucve
ubuntucve
threatpost
threatpost
Vulnerability Patched in PostgreSQL Database Server
2013-04-04 14:41:38
metasploit
metasploit
PostgreSQL Database Name Command Line Flag Injection
2013-04-04 15:19:47
huawei
huawei
postgresql
postgresql
Vulnerability in core server (CVE-2013-1901)
2013-04-04 17:55:00
Vulnerability in core server (CVE-2013-1899)
2013-04-04 17:55:00
Vulnerability in contrib module (CVE-2013-1900)
2013-04-04 17:55:00
cve
cve
seebug
seebug
PostgreSQL ๆ็ปๆๅกๅไปฃ็ ๆง่กๆผๆด(CVE-2013-1899)
2013-04-08 00:00:00
PostgreSQL ๅฎๅ
จ็ป่ฟๆผๆด(CVE-2013-1901)
2013-04-08 00:00:00
prion
prion
Design/Logic Flaw
2013-04-04 17:55:00
Design/Logic Flaw
2013-04-04 17:55:00
Code injection
2013-04-04 17:55:00
veracode
veracode
Weak Random Number Generator
2019-05-02 04:56:48
redhat
redhat
(RHSA-2013:1475) Moderate: postgresql and postgresql84 security update
2013-10-29 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2014-08-29 00:00:00
oraclelinux
oraclelinux
postgresql and postgresql84 security update
2013-10-29 00:00:00
centos
centos
postgresql, postgresql84 security update
2013-10-29 20:28:29
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
7.5 High
AI Score
Confidence
High
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Related for OPENVAS:1361412562310841385