Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CentOS Update for postgresql CESA-2011:0197 centos4 x86_64

🗓️ 30 Jul 2012 00:00:00Reported by Copyright (C) 2012 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 16 Views

The remote host is missing an update for the 'postgresql' package(s) announced via the referenced advisory. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database, which could cause a temporary denial of service or potentially execute arbitrary code

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
Cvelist		CVE-2010-4015
2 Feb 201100:00
cvelist
ALT Linux		Security fix for the ALT Linux 9 package postgresql12 version 9.0.3-alt1
2 Feb 201100:00
altlinux
ALT Linux		Security fix for the ALT Linux 8 package postgresql9.6 version 9.0.3-alt1
2 Feb 201100:00
altlinux
ALT Linux		Security fix for the ALT Linux 8 package postgresql12 version 9.0.3-alt1
2 Feb 201100:00
altlinux
ALT Linux		Security fix for the ALT Linux 8 package postgresql10 version 9.0.3-alt1
2 Feb 201100:00
altlinux
ALT Linux		Security fix for the ALT Linux 8 package postgresql11 version 9.0.3-alt1
2 Feb 201100:00
altlinux
Tenable Nessus		Solaris 10 (sparc) : 138822-12 (deprecated)
28 Jun 200900:00
nessus
Tenable Nessus		Debian DSA-2157-1 : postgresql-8.3, postgresql-8.4, postgresql-9.0 - buffer overflow
4 Feb 201100:00
nessus
Tenable Nessus		Scientific Linux Security Update : postgresql on SL4.x, SL5.x i386/x86_64
1 Aug 201200:00
nessus
Tenable Nessus		Solaris 10 (x86) : 138825-12 (deprecated)
28 Jun 200900:00
nessus
Rows per page
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.881354");
  script_version("2023-07-10T08:07:43+0000");
  script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
  script_tag(name:"creation_date", value:"2012-07-30 17:34:58 +0530 (Mon, 30 Jul 2012)");
  script_cve_id("CVE-2010-4015");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_xref(name:"CESA", value:"2011:0197");
  script_name("CentOS Update for postgresql CESA-2011:0197 centos4 x86_64");

  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2011-February/017254.html");
  script_xref(name:"URL", value:"http://www.postgresql.org/docs/8.1/static/release.html");
  script_xref(name:"URL", value:"http://www.postgresql.org/docs/8.4/static/release.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'postgresql'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS4");
  script_tag(name:"affected", value:"postgresql on CentOS 4");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"insight", value:"PostgreSQL is an advanced object-relational database management system
  (DBMS).

  A stack-based buffer overflow flaw was found in the way PostgreSQL
  processed certain tokens from an SQL query when the intarray module was
  enabled on a particular database. An authenticated database user running a
  specially-crafted SQL query could use this flaw to cause a temporary denial
  of service (postgres daemon crash) or, potentially, execute arbitrary code
  with the privileges of the database server. (CVE-2010-4015)

  Red Hat would like to thank Geoff Keating of the Apple Product Security
  team for reporting this issue.

  For Red Hat Enterprise Linux 4, the updated postgresql packages contain a
  backported patch for this issue. There are no other changes.

  For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade
  PostgreSQL to version 8.1.23, and contain a backported patch for this
  issue. Refer to the linked PostgreSQL Release Notes for a full list of changes.

  For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade
  PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to
  the linked PostgreSQL Release Notes for a full list of changes.

  All PostgreSQL users are advised to upgrade to these updated packages,
  which correct this issue. If the postgresql service is running, it will be
  automatically restarted after installing this update.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS4")
{

  if ((res = isrpmvuln(pkg:"postgresql", rpm:"postgresql~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-contrib", rpm:"postgresql-contrib~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-devel", rpm:"postgresql-devel~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-docs", rpm:"postgresql-docs~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-jdbc", rpm:"postgresql-jdbc~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-libs", rpm:"postgresql-libs~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-pl", rpm:"postgresql-pl~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-python", rpm:"postgresql-python~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-server", rpm:"postgresql-server~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-tcl", rpm:"postgresql-tcl~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~7.4.30~1.el4_8.2", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Jul 2012 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS26.5
EPSS0.03959
centos4postgresqlbuffer overflow
16
.json
Report