The remote host is missing an update for the 'postgresql' package(s) on CentOS 5, released via CESA-2012:103
Reporter | Title | Published | Views | Family All 196 |
---|---|---|---|---|
![]() | postgresql security update | 25 Jun 201222:25 | – | centos |
![]() | postgresql, postgresql84 security update | 25 Jun 201222:38 | – | centos |
![]() | php53 security update | 27 Jun 201220:24 | – | centos |
![]() | php security update | 10 Jul 201217:36 | – | centos |
![]() | CVE-2012-2143 | 5 Jul 201214:00 | – | cvelist |
![]() | (RHSA-2012:1036) Moderate: postgresql security update | 25 Jun 201200:00 | – | redhat |
![]() | (RHSA-2012:1037) Moderate: postgresql and postgresql84 security update | 25 Jun 201200:00 | – | redhat |
![]() | (RHSA-2012:1047) Moderate: php53 security update | 27 Jun 201200:00 | – | redhat |
![]() | (RHSA-2012:1046) Moderate: php security update | 27 Jun 201200:00 | – | redhat |
![]() | FreeBSD : FreeBSD -- Incorrect crypt() hashing (185ff22e-c066-11e1-b5e0-000c299b62e1) | 28 Jun 201200:00 | – | nessus |
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2012-June/018698.html");
script_oid("1.3.6.1.4.1.25623.1.0.881195");
script_version("2023-07-10T08:07:43+0000");
script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
script_tag(name:"creation_date", value:"2012-07-30 16:40:08 +0530 (Mon, 30 Jul 2012)");
script_cve_id("CVE-2012-2143");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_xref(name:"CESA", value:"2012:1036");
script_name("CentOS Update for postgresql CESA-2012:1036 centos5");
script_tag(name:"summary", value:"The remote host is missing an update for the 'postgresql'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
script_tag(name:"affected", value:"postgresql on CentOS 5");
script_tag(name:"solution", value:"Please install the updated packages.");
script_tag(name:"insight", value:"PostgreSQL is an advanced object-relational database management system
(DBMS).
A flaw was found in the way the crypt() password hashing function from the
optional PostgreSQL pgcrypto contrib module performed password
transformation when used with the DES algorithm. If the password string to
be hashed contained the 0x80 byte value, the remainder of the string was
ignored when calculating the hash, significantly reducing the password
strength. This made brute-force guessing more efficient as the whole
password was not required to gain access to protected resources.
(CVE-2012-2143)
Note: With this update, the rest of the string is properly included in the
DES hash. Therefore, any previously stored password values that are
affected by this issue will no longer match. In such cases, it will be
necessary for those stored password hashes to be updated.
Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters
of this issue.
All PostgreSQL users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. If the postgresql
service is running, it will be automatically restarted after installing
this update.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"postgresql", rpm:"postgresql~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-contrib", rpm:"postgresql-contrib~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-devel", rpm:"postgresql-devel~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-docs", rpm:"postgresql-docs~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-libs", rpm:"postgresql-libs~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-pl", rpm:"postgresql-pl~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-python", rpm:"postgresql-python~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-server", rpm:"postgresql-server~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-tcl", rpm:"postgresql-tcl~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~8.1.23~5.el5_8", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo