CentOS Update for postgresql CESA-2012:1263 centos6
2012-09-17T00:00:00
ID OPENVAS:1361412562310881502 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for postgresql CESA-2012:1263 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.881502");
script_version("$Revision: 14222 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2012-09-17 16:50:31 +0530 (Mon, 17 Sep 2012)");
script_cve_id("CVE-2012-3488", "CVE-2012-3489");
script_tag(name:"cvss_base", value:"4.9");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:N");
script_xref(name:"CESA", value:"2012:1263");
script_name("CentOS Update for postgresql CESA-2012:1263 centos6");
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2012-September/018874.html");
script_xref(name:"URL", value:"http://www.postgresql.org/docs/8.4/static/release-8-4-13.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'postgresql'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");
script_tag(name:"affected", value:"postgresql on CentOS 6");
script_tag(name:"solution", value:"Please install the updated packages.");
script_tag(name:"insight", value:"PostgreSQL is an advanced object-relational database management system
(DBMS).
It was found that the optional PostgreSQL xml2 contrib module allowed local
files and remote URLs to be read and written to with the privileges of the
database server when parsing Extensible Stylesheet Language Transformations
(XSLT). An unprivileged database user could use this flaw to read and write
to local files (such as the database's configuration files) and remote URLs
they would otherwise not have access to by issuing a specially-crafted SQL
query. (CVE-2012-3488)
It was found that the 'xml' data type allowed local files and remote URLs
to be read with the privileges of the database server to resolve DTD and
entity references in the provided XML. An unprivileged database user could
use this flaw to read local files they would otherwise not have access to
by issuing a specially-crafted SQL query. Note that the full contents of
the files were not returned, but portions could be displayed to the user
via error messages. (CVE-2012-3489)
Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Peter Eisentraut as the original reporter of
CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.
These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the
linked PostgreSQL Release Notes for a list of changes.
All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS6")
{
if ((res = isrpmvuln(pkg:"postgresql", rpm:"postgresql~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-contrib", rpm:"postgresql-contrib~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-devel", rpm:"postgresql-devel~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-docs", rpm:"postgresql-docs~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-libs", rpm:"postgresql-libs~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-plperl", rpm:"postgresql-plperl~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-plpython", rpm:"postgresql-plpython~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-pltcl", rpm:"postgresql-pltcl~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-server", rpm:"postgresql-server~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~8.4.13~1.el6_3", rls:"CentOS6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310881502", "type": "openvas", "bulletinFamily": "scanner", "title": "CentOS Update for postgresql CESA-2012:1263 centos6", "description": "The remote host is missing an update for the ", "published": "2012-09-17T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881502", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://www.postgresql.org/docs/8.4/static/release-8-4-13.html", "2012:1263", "http://lists.centos.org/pipermail/centos-announce/2012-September/018874.html"], "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "lastseen": "2019-05-29T18:38:38", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-3489", "CVE-2012-3488"]}, {"type": "postgresql", "idList": ["POSTGRESQL:CVE-2012-3489", "POSTGRESQL:CVE-2012-3488"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-1263", "ELSA-2012-1264"]}, {"type": "redhat", "idList": ["RHSA-2012:1264", "RHSA-2012:1263"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29210", "SECURITYVULNS:VULN:12540", "SECURITYVULNS:VULN:12965", "SECURITYVULNS:DOC:28426"]}, {"type": "ubuntu", "idList": ["USN-1542-1"]}, {"type": "freebsd", "idList": ["07234E78-E899-11E1-B38D-0023AE8E59F0"]}, {"type": "amazon", "idList": ["ALAS-2012-121", "ALAS-2012-129"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2534-1:75E4E"]}, {"type": "centos", "idList": ["CESA-2012:1264", "CESA-2012:1263"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881490", "OPENVAS:1361412562310803219", "OPENVAS:1361412562310123822", "OPENVAS:841120", "OPENVAS:1361412562310120487", "OPENVAS:831725", "OPENVAS:71844", "OPENVAS:1361412562310831725", "OPENVAS:1361412562310841120", "OPENVAS:892534"]}, {"type": "nessus", "idList": ["FEDORA_2012-12165.NASL", "UBUNTU_USN-1542-1.NASL", "ORACLELINUX_ELSA-2012-1263.NASL", "POSTGRESQL_20120817.NASL", "ALA_ALAS-2012-129.NASL", "MANDRIVA_MDVSA-2012-139.NASL", "DEBIAN_DSA-2534.NASL", "REDHAT-RHSA-2012-1263.NASL", "CENTOS_RHSA-2012-1263.NASL", "SL_20120913_POSTGRESQL_AND_POSTGRESQL84_ON_SL5_X.NASL"]}, {"type": "fedora", "idList": ["FEDORA:8ECC221371", "FEDORA:DCB782141F", "FEDORA:D603620A52", "FEDORA:395CD20919"]}, {"type": "seebug", "idList": ["SSV:60335", "SSV:60334"]}, {"type": "gentoo", "idList": ["GLSA-201209-24"]}], "modified": "2019-05-29T18:38:38", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-05-29T18:38:38", "rev": 2}, "vulnersScore": 5.9}, "pluginID": "1361412562310881502", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql CESA-2012:1263 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881502\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-17 16:50:31 +0530 (Mon, 17 Sep 2012)\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_xref(name:\"CESA\", value:\"2012:1263\");\n script_name(\"CentOS Update for postgresql CESA-2012:1263 centos6\");\n\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-September/018874.html\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/docs/8.4/static/release-8-4-13.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'postgresql'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"postgresql on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"PostgreSQL is an advanced object-relational database management system\n (DBMS).\n\n It was found that the optional PostgreSQL xml2 contrib module allowed local\n files and remote URLs to be read and written to with the privileges of the\n database server when parsing Extensible Stylesheet Language Transformations\n (XSLT). An unprivileged database user could use this flaw to read and write\n to local files (such as the database's configuration files) and remote URLs\n they would otherwise not have access to by issuing a specially-crafted SQL\n query. (CVE-2012-3488)\n\n It was found that the 'xml' data type allowed local files and remote URLs\n to be read with the privileges of the database server to resolve DTD and\n entity references in the provided XML. An unprivileged database user could\n use this flaw to read local files they would otherwise not have access to\n by issuing a specially-crafted SQL query. Note that the full contents of\n the files were not returned, but portions could be displayed to the user\n via error messages. (CVE-2012-3489)\n\n Red Hat would like to thank the PostgreSQL project for reporting these\n issues. Upstream acknowledges Peter Eisentraut as the original reporter of\n CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.\n\n These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the\n linked PostgreSQL Release Notes for a list of changes.\n\n All PostgreSQL users are advised to upgrade to these updated packages,\n which correct these issues. If the postgresql service is running, it will\n be automatically restarted after installing this update.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T12:06:06", "description": "The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.", "edition": 3, "cvss3": {}, "published": "2012-10-03T21:55:00", "title": "CVE-2012-3488", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3488"], "modified": "2016-12-08T03:02:00", "cpe": ["cpe:/a:postgresql:postgresql:9.0.1", "cpe:/a:postgresql:postgresql:9.0.4", "cpe:/a:postgresql:postgresql:8.4.8", "cpe:/a:postgresql:postgresql:8.4.4", "cpe:/a:postgresql:postgresql:9.1.1", "cpe:/a:postgresql:postgresql:8.3.7", "cpe:/a:postgresql:postgresql:8.3.12", "cpe:/a:postgresql:postgresql:8.3.1", "cpe:/a:postgresql:postgresql:9.0.3", "cpe:/a:postgresql:postgresql:9.1", "cpe:/a:postgresql:postgresql:8.3.11", "cpe:/a:postgresql:postgresql:9.1.2", "cpe:/a:postgresql:postgresql:8.4.7", "cpe:/a:postgresql:postgresql:9.0.2", "cpe:/a:postgresql:postgresql:9.0.8", "cpe:/a:postgresql:postgresql:8.4.11", "cpe:/a:postgresql:postgresql:8.3.6", "cpe:/a:postgresql:postgresql:8.3.17", "cpe:/a:postgresql:postgresql:8.3.19", "cpe:/a:postgresql:postgresql:8.4.9", "cpe:/a:postgresql:postgresql:8.3.13", "cpe:/a:postgresql:postgresql:8.3", "cpe:/a:postgresql:postgresql:8.3.8", "cpe:/a:postgresql:postgresql:8.4.3", "cpe:/a:postgresql:postgresql:8.4.5", "cpe:/a:postgresql:postgresql:8.4.10", "cpe:/a:postgresql:postgresql:9.1.4", "cpe:/a:postgresql:postgresql:8.4.6", "cpe:/a:postgresql:postgresql:8.3.10", "cpe:/a:postgresql:postgresql:9.0", "cpe:/a:postgresql:postgresql:8.4.2", "cpe:/a:postgresql:postgresql:9.0.5", "cpe:/a:postgresql:postgresql:8.3.3", "cpe:/a:postgresql:postgresql:8.3.18", "cpe:/a:postgresql:postgresql:8.3.14", "cpe:/a:postgresql:postgresql:8.3.16", "cpe:/a:postgresql:postgresql:8.4.12", "cpe:/a:postgresql:postgresql:9.0.7", "cpe:/a:postgresql:postgresql:9.0.6", "cpe:/a:postgresql:postgresql:8.3.4", "cpe:/a:postgresql:postgresql:8.3.2", "cpe:/a:postgresql:postgresql:8.4", "cpe:/a:postgresql:postgresql:8.3.9", "cpe:/a:postgresql:postgresql:8.3.5", "cpe:/a:postgresql:postgresql:8.4.1", "cpe:/a:postgresql:postgresql:8.3.15", "cpe:/a:postgresql:postgresql:9.1.3"], "id": "CVE-2012-3488", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3488", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:06", "description": "The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.", "edition": 3, "cvss3": {}, "published": "2012-10-03T21:55:00", "title": "CVE-2012-3489", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3489"], "modified": "2013-10-10T19:23:00", "cpe": ["cpe:/a:postgresql:postgresql:9.0.1", "cpe:/a:postgresql:postgresql:9.0.4", "cpe:/a:postgresql:postgresql:8.4.8", "cpe:/a:postgresql:postgresql:8.4.4", "cpe:/a:postgresql:postgresql:9.1.1", "cpe:/a:postgresql:postgresql:8.3.7", "cpe:/a:postgresql:postgresql:8.3.12", "cpe:/a:postgresql:postgresql:8.3.1", "cpe:/a:postgresql:postgresql:9.0.3", "cpe:/a:postgresql:postgresql:9.1", "cpe:/a:postgresql:postgresql:8.3.11", "cpe:/a:postgresql:postgresql:9.1.2", "cpe:/a:postgresql:postgresql:8.4.7", "cpe:/a:postgresql:postgresql:9.0.2", "cpe:/a:postgresql:postgresql:9.0.8", "cpe:/a:postgresql:postgresql:8.4.11", "cpe:/a:postgresql:postgresql:8.3.6", "cpe:/a:postgresql:postgresql:8.3.17", "cpe:/a:postgresql:postgresql:8.3.19", "cpe:/a:postgresql:postgresql:8.4.9", "cpe:/a:postgresql:postgresql:8.3.13", "cpe:/a:postgresql:postgresql:8.3", "cpe:/a:postgresql:postgresql:8.3.8", "cpe:/a:postgresql:postgresql:8.4.3", "cpe:/a:postgresql:postgresql:8.4.5", "cpe:/a:postgresql:postgresql:8.4.10", "cpe:/a:postgresql:postgresql:9.1.4", "cpe:/a:postgresql:postgresql:8.4.6", "cpe:/a:postgresql:postgresql:8.3.10", "cpe:/a:postgresql:postgresql:9.0", "cpe:/a:postgresql:postgresql:8.4.2", "cpe:/a:postgresql:postgresql:9.0.5", "cpe:/a:postgresql:postgresql:8.3.3", "cpe:/a:postgresql:postgresql:8.3.18", "cpe:/a:postgresql:postgresql:8.3.14", "cpe:/a:postgresql:postgresql:8.3.16", "cpe:/a:postgresql:postgresql:8.4.12", "cpe:/a:postgresql:postgresql:9.0.7", "cpe:/a:postgresql:postgresql:9.0.6", "cpe:/a:postgresql:postgresql:8.3.4", "cpe:/a:postgresql:postgresql:8.3.2", "cpe:/a:postgresql:postgresql:8.4", "cpe:/a:postgresql:postgresql:8.3.9", "cpe:/a:postgresql:postgresql:8.3.5", "cpe:/a:postgresql:postgresql:8.4.1", "cpe:/a:postgresql:postgresql:8.3.15", "cpe:/a:postgresql:postgresql:9.1.3"], "id": "CVE-2012-3489", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3489", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*"]}], "postgresql": [{"lastseen": "2020-12-24T14:27:32", "bulletinFamily": "software", "cvelist": ["CVE-2012-3488"], "description": "contrib/xml2's xslt_process() can be used to read and write arbitrary files", "edition": 3, "modified": "2012-10-03T21:55:00", "published": "2012-10-03T21:55:00", "href": "https://www.postgresql.org/support/security/9.1/", "id": "POSTGRESQL:CVE-2012-3488", "type": "postgresql", "title": "Vulnerability in contrib module (CVE-2012-3488)", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-12-24T14:27:32", "bulletinFamily": "software", "cvelist": ["CVE-2012-3489"], "description": "xml_parse() DTD validation can be used to read arbitrary files", "edition": 3, "modified": "2012-10-03T21:55:00", "published": "2012-10-03T21:55:00", "href": "https://www.postgresql.org/support/security/9.1/", "id": "POSTGRESQL:CVE-2012-3489", "type": "postgresql", "title": "Vulnerability in core server (CVE-2012-3489)", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "[8.4.13-1]\n- Update to PostgreSQL 8.4.13, for various fixes described at\n http://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n including the fixes for CVE-2012-3488, CVE-2012-3489\nResolves: #852020", "edition": 4, "modified": "2012-09-13T00:00:00", "published": "2012-09-13T00:00:00", "id": "ELSA-2012-1263", "href": "http://linux.oracle.com/errata/ELSA-2012-1263.html", "title": "postgresql and postgresql84 security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3488"], "description": "[8.1.23-6]\n- Back-port upstream fix for CVE-2012-3488\nResolves: #852015", "edition": 4, "modified": "2012-09-13T00:00:00", "published": "2012-09-13T00:00:00", "id": "ELSA-2012-1264", "href": "http://linux.oracle.com/errata/ELSA-2012-1264.html", "title": "postgresql security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3488", "CVE-2012-3489"], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed local\nfiles and remote URLs to be read and written to with the privileges of the\ndatabase server when parsing Extensible Stylesheet Language Transformations\n(XSLT). An unprivileged database user could use this flaw to read and write\nto local files (such as the database's configuration files) and remote URLs\nthey would otherwise not have access to by issuing a specially-crafted SQL\nquery. (CVE-2012-3488)\n\nIt was found that the \"xml\" data type allowed local files and remote URLs\nto be read with the privileges of the database server to resolve DTD and\nentity references in the provided XML. An unprivileged database user could\nuse this flaw to read local files they would otherwise not have access to\nby issuing a specially-crafted SQL query. Note that the full contents of\nthe files were not returned, but portions could be displayed to the user\nvia error messages. (CVE-2012-3489)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original reporter of\nCVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "modified": "2018-06-06T20:24:12", "published": "2012-09-13T04:00:00", "id": "RHSA-2012:1263", "href": "https://access.redhat.com/errata/RHSA-2012:1263", "type": "redhat", "title": "(RHSA-2012:1263) Moderate: postgresql and postgresql84 security update", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:23", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3488"], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed local\nfiles and remote URLs to be read and written to with the privileges of the\ndatabase server when parsing Extensible Stylesheet Language Transformations\n(XSLT). An unprivileged database user could use this flaw to read and write\nto local files (such as the database's configuration files) and remote URLs\nthey would otherwise not have access to by issuing a specially-crafted SQL\nquery. (CVE-2012-3488)\n\nRed Hat would like to thank the PostgreSQL project for reporting this\nissue. Upstream acknowledges Peter Eisentraut as the original reporter.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.\n", "modified": "2017-09-08T12:05:42", "published": "2012-09-13T04:00:00", "id": "RHSA-2012:1264", "href": "https://access.redhat.com/errata/RHSA-2012:1264", "type": "redhat", "title": "(RHSA-2012:1264) Moderate: postgresql security update", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "centos": [{"lastseen": "2020-07-17T03:32:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "**CentOS Errata and Security Advisory** CESA-2012:1263\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed local\nfiles and remote URLs to be read and written to with the privileges of the\ndatabase server when parsing Extensible Stylesheet Language Transformations\n(XSLT). An unprivileged database user could use this flaw to read and write\nto local files (such as the database's configuration files) and remote URLs\nthey would otherwise not have access to by issuing a specially-crafted SQL\nquery. (CVE-2012-3488)\n\nIt was found that the \"xml\" data type allowed local files and remote URLs\nto be read with the privileges of the database server to resolve DTD and\nentity references in the provided XML. An unprivileged database user could\nuse this flaw to read local files they would otherwise not have access to\nby issuing a specially-crafted SQL query. Note that the full contents of\nthe files were not returned, but portions could be displayed to the user\nvia error messages. (CVE-2012-3489)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original reporter of\nCVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030908.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030912.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-libs\npostgresql-plperl\npostgresql-plpython\npostgresql-pltcl\npostgresql-server\npostgresql-test\npostgresql84\npostgresql84-contrib\npostgresql84-devel\npostgresql84-docs\npostgresql84-libs\npostgresql84-plperl\npostgresql84-plpython\npostgresql84-pltcl\npostgresql84-python\npostgresql84-server\npostgresql84-tcl\npostgresql84-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1263.html", "edition": 5, "modified": "2012-09-13T20:54:46", "published": "2012-09-13T17:57:44", "href": "http://lists.centos.org/pipermail/centos-announce/2012-September/030908.html", "id": "CESA-2012:1263", "title": "postgresql, postgresql84 security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-12-20T18:27:58", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3488"], "description": "**CentOS Errata and Security Advisory** CESA-2012:1264\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed local\nfiles and remote URLs to be read and written to with the privileges of the\ndatabase server when parsing Extensible Stylesheet Language Transformations\n(XSLT). An unprivileged database user could use this flaw to read and write\nto local files (such as the database's configuration files) and remote URLs\nthey would otherwise not have access to by issuing a specially-crafted SQL\nquery. (CVE-2012-3488)\n\nRed Hat would like to thank the PostgreSQL project for reporting this\nissue. Upstream acknowledges Peter Eisentraut as the original reporter.\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. If the postgresql\nservice is running, it will be automatically restarted after installing\nthis update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-September/030907.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1264.html", "edition": 3, "modified": "2012-09-13T17:55:48", "published": "2012-09-13T17:55:48", "href": "http://lists.centos.org/pipermail/centos-announce/2012-September/030907.html", "id": "CESA-2012:1264", "title": "postgresql security update", "type": "centos", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Privilege escalations via XML2 extension.", "edition": 1, "modified": "2012-08-27T00:00:00", "published": "2012-08-27T00:00:00", "id": "SECURITYVULNS:VULN:12540", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12540", "title": "PostgreSQL privilege escalation", "type": "securityvulns", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1542-1\r\nAugust 21, 2012\r\n\r\npostgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nPostgreSQL could allow unintended access to files over the network when\r\nusing the XML2 extension.\r\n\r\nSoftware Description:\r\n- postgresql-9.1: Object-relational SQL database\r\n- postgresql-8.4: Object-relational SQL database\r\n- postgresql-8.3: Object-relational SQL database\r\n\r\nDetails:\r\n\r\nPeter Eisentraut discovered that the XSLT functionality in the optional\r\nXML2 extension would allow unprivileged database users to both read and\r\nwrite data with the privileges of the database server. (CVE-2012-3488)\r\n\r\nNoah Misch and Tom Lane discovered that the XML functionality in the\r\noptional XML2 extension would allow unprivileged database users to\r\nread data with the privileges of the database server. (CVE-2012-3489)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n postgresql-9.1 9.1.5-0ubuntu12.04\r\n\r\nUbuntu 11.10:\r\n postgresql-9.1 9.1.5-0ubuntu11.10\r\n\r\nUbuntu 11.04:\r\n postgresql-8.4 8.4.13-0ubuntu11.04\r\n\r\nUbuntu 10.04 LTS:\r\n postgresql-8.4 8.4.13-0ubuntu10.04\r\n\r\nUbuntu 8.04 LTS:\r\n postgresql-8.3 8.3.20-0ubuntu8.04\r\n\r\nThis update uses a new upstream release, which includes additional bug\r\nfixes. Due to upstream security policies, this update removes the ability\r\nof xslt_process() to fetch documents or stylesheets from external URLs.\r\nPlease see http://www.postgresql.org/about/news/1407/ for more information.\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1542-1\r\n CVE-2012-3488, CVE-2012-3489\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.5-0ubuntu12.04\r\n https://launchpad.net/ubuntu/+source/postgresql-9.1/9.1.5-0ubuntu11.10\r\n https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.13-0ubuntu11.04\r\n https://launchpad.net/ubuntu/+source/postgresql-8.4/8.4.13-0ubuntu10.04\r\n https://launchpad.net/ubuntu/+source/postgresql-8.3/8.3.20-0ubuntu8.04\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2012-08-27T00:00:00", "published": "2012-08-27T00:00:00", "id": "SECURITYVULNS:DOC:28426", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28426", "title": "[USN-1542-1] PostgreSQL vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-0969", "CVE-2012-3489", "CVE-2013-0976", "CVE-2013-0156", "CVE-2012-3488", "CVE-2013-0966", "CVE-2011-3058", "CVE-2013-0970", "CVE-2012-3756", "CVE-2013-0973", "CVE-2013-0963", "CVE-2013-0971", "CVE-2012-3525", "CVE-2013-0333", "CVE-2012-2088", "CVE-2012-3749", "CVE-2013-0967"], "description": "Crossite scripting, authentication bypass, buffer overflows and memory corruptions in graphics libraries, information leakage, protection bypass, PDF parsing memory corruptions, different packages security vulnerabilities.", "edition": 1, "modified": "2013-03-24T00:00:00", "published": "2013-03-24T00:00:00", "id": "SECURITYVULNS:VULN:12965", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12965", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-0969", "CVE-2012-3489", "CVE-2013-0976", "CVE-2013-0156", "CVE-2012-3488", "CVE-2013-0966", "CVE-2011-3058", "CVE-2013-0970", "CVE-2012-3756", "CVE-2013-0973", "CVE-2013-0963", "CVE-2013-0971", "CVE-2012-3525", "CVE-2013-0333", "CVE-2012-2088", "CVE-2012-3749", "CVE-2013-0967"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update\r\n2013-001\r\n\r\nOS X Mountain Lion v10.8.3 and Security Update 2013-001 is now\r\navailable and addresses the following:\r\n\r\nApache\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: An attacker may be able to access directories that are\r\nprotected with HTTP authentication without knowing the correct\r\ncredentials\r\nDescription: A canonicalization issue existed in the handling of\r\nURIs with ignorable Unicode character sequences. This issue was\r\naddressed by updating mod_hfs_apple to forbid access to URIs with\r\nignorable Unicode character sequences.\r\nCVE-ID\r\nCVE-2013-0966 : Clint Ruoho of Laconic Security\r\n\r\nCoreTypes\r\nAvailable for: OS X Lion v10.7 to v10.7.5,\r\nOS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Visiting a maliciously crafted website could allow a Java\r\nWeb Start application to be launched automatically even if the Java\r\nplug-in is disabled\r\nDescription: Java Web Start applications would run even if the Java\r\nplug-in was disabled. This issue was addressed by removing JNLP files\r\nfrom the CoreTypes safe file type list, so the Web Start application\r\nwill not be run unless the user opens it in the Downloads directory.\r\nCVE-ID\r\nCVE-2013-0967\r\n\r\nInternational Components for Unicode\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A canonicalization issue existed in the handling of the\r\nEUC-JP encoding, which could lead to a cross-site scripting attack on\r\nEUC-JP encoded websites. This issue was addressed by updating the\r\nEUC-JP mapping table.\r\nCVE-ID\r\nCVE-2011-3058 : Masato Kinugawa\r\n\r\nIdentity Services\r\nAvailable for: OS X Lion v10.7 to v10.7.5,\r\nOS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Authentication relying on certificate-based Apple ID\r\nauthentication may be bypassed\r\nDescription: An error handling issue existed in Identity Services.\r\nIf the user's AppleID certificate failed to validate, the user's\r\nAppleID was assumed to be the empty string. If multiple systems\r\nbelonging to different users enter this state, applications relying\r\non this identity determination may erroneously extend trust. This\r\nissue was addressed by ensuring that NULL is returned instead of an\r\nempty string.\r\nCVE-ID\r\nCVE-2013-0963\r\n\r\nImageIO\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of TIFF\r\nimages. This issue was addressed through additional validation of\r\nTIFF images.\r\nCVE-ID\r\nCVE-2012-2088\r\n\r\nIOAcceleratorFamily\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Viewing a maliciously crafted image may lead to an\r\nunexpected system termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\ngraphics data. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-0976 : an anonymous researcher\r\n\r\nKernel\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Maliciously crafted or compromised applications may be able\r\nto determine addresses in the kernel\r\nDescription: An information disclosure issue existed in the handling\r\nof APIs related to kernel extensions. Responses containing an\r\nOSBundleMachOHeaders key may have included kernel addresses, which\r\nmay aid in bypassing address space layout randomization protection.\r\nThis issue was addressed by unsliding the addresses before returning\r\nthem.\r\nCVE-ID\r\nCVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square,\r\nand additional anonymous researchers\r\n\r\nLogin Window\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.2\r\nImpact: An attacker with keyboard access may modify the system\r\nconfiguration\r\nDescription: A logic error existed in VoiceOver's handling of the\r\nLogin Window, whereby an attacker with access to the keyboard could\r\nlaunch System Preferences and modify the system configuration. This\r\nissue was addressed by preventing VoiceOver from launching\r\napplications at the Login Window.\r\nCVE-ID\r\nCVE-2013-0969 : Eric A. Schulman of Purpletree Labs\r\n\r\nMessages\r\nAvailable for: OS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Clicking a link from Messages may initiate a FaceTime call\r\nwithout prompting\r\nDescription: Clicking on a specifically-formatted FaceTime:// URL in\r\nMessages could bypass the standard confirmation prompt. This issue\r\nwas addressed by additional validation of FaceTime:// URLs.\r\nCVE-ID\r\nCVE-2013-0970 : Aaron Sigel of vtty.com\r\n\r\nMessages Server\r\nAvailable for: Mac OS X Server 10.6.8,\r\nOS X Lion Server v10.7 to v10.7.5\r\nImpact: A remote attacker may reroute federated Jabber messages\r\nDescription: An issue existed in the Jabber server's handling of\r\ndialback result messages. An attacker may cause the Jabber server to\r\ndisclose information intended for users of federated servers. This\r\nissue was addressed through improved handling of dialback result\r\nmessages.\r\nCVE-ID\r\nCVE-2012-3525\r\n\r\nPDFKit\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A use after free issue existed in the handling of ink\r\nannotations in PDF files. This issue was addressed through improved\r\nmemory management.\r\nCVE-ID\r\nCVE-2013-0971 : Tobias Klein working with HP TippingPoint's Zero Day\r\nInitiative\r\n\r\nPodcast Producer Server\r\nAvailable for: Mac OS X Server 10.6.8,\r\nOS X Lion Server v10.7 to v10.7.5\r\nImpact: A remote attacker may be able to cause arbitrary code\r\nexecution\r\nDescription: A type casting issue existed in Ruby on Rails' handling\r\nof XML parameters. This issue was addressed by disabling XML\r\nparameters in the Rails implementation used by Podcast Producer\r\nServer.\r\nCVE-ID\r\nCVE-2013-0156\r\n\r\nPodcast Producer Server\r\nAvailable for: OS X Lion Server v10.7 to v10.7.5\r\nImpact: A remote attacker may be able to cause arbitrary code\r\nexecution\r\nDescription: A type casting issue existed in Ruby on Rails' handling\r\nof JSON data. This issue was addressed by switching to using the\r\nJSONGem backend for JSON parsing in the Rails implementation used by\r\nPodcast Producer Server.\r\nCVE-ID\r\nCVE-2013-0333\r\n\r\nPostgreSQL\r\nAvailable for: Mac OS X Server 10.6.8,\r\nOS X Lion Server v10.7 to v10.7.5\r\nImpact: Multiple vulnerabilities in PostgreSQL\r\nDescription: PostgreSQL was updated to version 9.1.5 to address\r\nmultiple vulnerabilities, the most serious of which may allow\r\ndatabase users to read files from the file system with the privileges\r\nof the database server role account. Further information is available\r\nvia the PostgreSQL web site at\r\nhttp://www.postgresql.org/docs/9.1/static/release-9-1-5.html\r\nCVE-ID\r\nCVE-2012-3488\r\nCVE-2012-3489\r\n\r\nProfile Manager\r\nAvailable for: OS X Lion Server v10.7 to v10.7.5\r\nImpact: A remote attacker may be able to cause arbitrary code\r\nexecution\r\nDescription: A type casting issue existed in Ruby on Rails' handling\r\nof XML parameters. This issue was addressed by disabling XML\r\nparameters in the Rails implementation used by Profile Manager.\r\nCVE-ID\r\nCVE-2013-0156\r\n\r\nQuickTime\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of 'rnet'\r\nboxes in MP4 files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2012-3756 : Kevin Szkudlapski of QuarksLab\r\n\r\nRuby\r\nAvailable for: Mac OS X Server 10.6.8\r\nImpact: A remote attacker may be able to cause arbitrary code\r\nexecution if a Rails application is running\r\nDescription: A type casting issue existed in Ruby on Rails' handling\r\nof XML parameters. This issue was addressed by disabling YAML and\r\nsymbols in XML parameters in Rails.\r\nCVE-ID\r\nCVE-2013-0156\r\n\r\nSecurity\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Several intermediate CA certificates were mistakenly\r\nissued by TURKTRUST. This may allow a man-in-the-middle attacker to\r\nredirect connections and intercept user credentials or other\r\nsensitive information. This issue was addressed by not allowing the\r\nincorrect SSL certificates.\r\n\r\nSoftware Update\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5\r\nImpact: An attacker with a privileged network position may be able\r\nto cause arbitrary code execution\r\nDescription: Software Update allowed a man in the middle attacker to\r\ninsert plugin content into the marketing text displayed for updates.\r\nThis may allow the exploitation of a vulnerable plugin, or facilitate\r\nsocial engineering attacks involving plugins. This issue does not\r\naffect OS X Mountain Lion systems. This issue was addressed by\r\npreventing plugins from being loaded in Software Update's marketing\r\ntext WebView.\r\nCVE-ID\r\nCVE-2013-0973 : Emilio Escobar\r\n\r\nWiki Server\r\nAvailable for: OS X Lion Server v10.7 to v10.7.5\r\nImpact: A remote attacker may be able to cause arbitrary code\r\nexecution\r\nDescription: A type casting issue existed in Ruby on Rails' handling\r\nof XML parameters. This issue was addressed by disabling XML\r\nparameters in the Rails implementation used by Wiki Server.\r\nCVE-ID\r\nCVE-2013-0156\r\n\r\nWiki Server\r\nAvailable for: OS X Lion Server v10.7 to v10.7.5\r\nImpact: A remote attacker may be able to cause arbitrary code\r\nexecution\r\nDescription: A type casting issue existed in Ruby on Rails' handling\r\nof JSON data. This issue was addressed by switching to using the\r\nJSONGem backend for JSON parsing in the Rails implementation used by\r\nWiki Server.\r\nCVE-ID\r\nCVE-2013-0333\r\n\r\nMalware removal\r\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\r\nOS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5,\r\nOS X Mountain Lion v10.8 to v10.8.2\r\nDescription: This update runs a malware removal tool that will\r\nremove the most common variants of malware. If malware is found, it\r\npresents a dialog notifying the user that malware was removed. There\r\nis no indication to the user if malware is not found.\r\n\r\n\r\nNote: OS X Mountain Lion v10.8.3 includes the content of\r\nSafari 6.0.3. For further details see "About the security content\r\nof Safari 6.0.3" at http://http//support.apple.com/kb/HT5671\r\n\r\nOS X Mountain Lion v10.8.3 and Security Update 2013-001 may be\r\nobtained from the Software Update pane in System Preferences,\r\nor Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nOS X Mountain Lion v10.8.3, or Security Update\r\n2013-001.\r\n\r\nFor OS X Mountain Lion v10.8.2\r\nThe download file is named: OSXUpd10.8.3.dmg\r\nIts SHA-1 digest is: e6165572e9145ea05aac23fa30372a9b0a0bbf3c\r\n\r\nFor OS X Mountain Lion v10.8 and v10.8.1\r\nThe download file is named: OSXUpdCombo10.8.3.dmg\r\nIts SHA-1 digest is: 1bc49fde5ff6e252aa7908b4cb1f9cb9c8a5fa29\r\n\r\nFor OS X Lion v10.7.5\r\nThe download file is named: SecUpd2013-001.dmg\r\nIts SHA-1 digest is: 5bc540a208c720fce3448f853d852336781e1a17\r\n\r\nFor OS X Lion Server v10.7.5\r\nThe download file is named: SecUpdSrvr2013-001.dmg\r\nIts SHA-1 digest is: e88ff36fc8e88c4c995422d3f2364c56ebe51b07\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2013-001.dmg\r\nIts SHA-1 digest is: dc52d0f7d2db6080c57c7b9252a4d85c5e178450\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2013-001.dmg\r\nIts SHA-1 digest is: fd7946f8d1f1bce0394b6e56c8d7387812e14694\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJRQiuBAAoJEPefwLHPlZEwGfgP/0UDCn2KBop3IJ4Ad31yiG3N\r\ngH+yQl4GDONhm/HgrPWGQgcuVI69FmAqk+7arwOL7+7hlsSDQ5uSWDraRdd0EPmO\r\naq2DxPxt6bYi4fHSrfkvRblVr/PcPxswEEshM82JU60Oy88EDA87bI8yy4qi8KJ4\r\nE8+6O31vLuUeAaHf0SNE8y1p2iKpdmHH/Afo0iAVx3ddm8e8wMVPZ9XbR02pe8MV\r\nqmMWj8icBLNyHGoSl48zm5t4Ah4MS9qgXNjsYY+Mq2AcrqQI5EFTbdWpKFM7SQ1G\r\nUcM6zmeHtKNz8H21MDYKg1UHjo49MZnFb6ahRXN0E3jsPrfO4Co/2t6ogOLRZ90X\r\n2Sd1RfwqYnRZRfwyOAe3htBYDpVEfvU1eaNMoTTHLRKWgarxUoXvww2cjnomAg5y\r\ntg+btVeQfzdHu+yClvioCbYqblKKxJf8lmhiLEgoH2bRaz2L+fluWW9yGQarxmrb\r\nvQ+cMKuy7heyLpNhwRHZioo4/b2K/IZBnkKwH76Ey3yAXnSSAD9xwbFZZAU5J8YQ\r\nliULOm9tv1sUlNHMyTsjplIsFkAIrkl+H43hn3/A+q4TIsDkmtPvOOl4Rc9/5w8H\r\nZibyLnmr1XgXvd6CgFzIvl7Ink+d/xGHTnlybHszCMzR5o6Rg7sTeQsD34aNymcc\r\nLz1nnBtRAbfDgARdRX4e\r\n=WUBR\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-03-24T00:00:00", "published": "2013-03-24T00:00:00", "id": "SECURITYVULNS:DOC:29210", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29210", "title": "APPLE-SA-2013-03-14-1 OS X Mountain Lion v10.8.3 and Security Update 2013-001", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-15T01:39:53", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Peter Eisentraut discovered that the XSLT functionality in the optional \nXML2 extension would allow unprivileged database users to both read and \nwrite data with the privileges of the database server. (CVE-2012-3488)\n\nNoah Misch and Tom Lane discovered that the XML functionality in the \noptional XML2 extension would allow unprivileged database users to \nread data with the privileges of the database server. (CVE-2012-3489)", "edition": 6, "modified": "2012-08-21T00:00:00", "published": "2012-08-21T00:00:00", "id": "USN-1542-1", "href": "https://ubuntu.com/security/notices/USN-1542-1", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-01T01:18:04", "description": "It was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)", "edition": 24, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : postgresql8 (ALAS-2012-129)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:postgresql8-server", "p-cpe:/a:amazon:linux:postgresql8-devel", "p-cpe:/a:amazon:linux:postgresql8-plperl", "p-cpe:/a:amazon:linux:postgresql8-pltcl", "p-cpe:/a:amazon:linux:postgresql8-contrib", "p-cpe:/a:amazon:linux:postgresql8-debuginfo", "p-cpe:/a:amazon:linux:postgresql8-plpython", "p-cpe:/a:amazon:linux:postgresql8-test", "p-cpe:/a:amazon:linux:postgresql8-docs", "p-cpe:/a:amazon:linux:postgresql8", "p-cpe:/a:amazon:linux:postgresql8-libs", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-129.NASL", "href": "https://www.tenable.com/plugins/nessus/69619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-129.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69619);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_xref(name:\"ALAS\", value:\"2012-129\");\n script_xref(name:\"RHSA\", value:\"2012:1263\");\n\n script_name(english:\"Amazon Linux AMI : postgresql8 (ALAS-2012-129)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-129.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update postgresql8' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql8-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-contrib-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-debuginfo-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-devel-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-docs-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-libs-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-plperl-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-plpython-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-pltcl-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-server-8.4.13-1.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"postgresql8-test-8.4.13-1.37.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql8 / postgresql8-contrib / postgresql8-debuginfo / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-06T09:27:59", "description": "Updated postgresql84 and postgresql packages that fix two security\nissues are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original\nreporter of CVE-2012-3488, and Noah Misch as the original reporter of\nCVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to\nthe PostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.", "edition": 25, "published": "2012-09-14T00:00:00", "title": "CentOS 5 / 6 : postgresql / postgresql84 (CESA-2012:1263)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2012-09-14T00:00:00", "cpe": ["p-cpe:/a:centos:centos:postgresql-contrib", "p-cpe:/a:centos:centos:postgresql84-contrib", "p-cpe:/a:centos:centos:postgresql84", "p-cpe:/a:centos:centos:postgresql84-libs", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:postgresql-docs", "p-cpe:/a:centos:centos:postgresql-server", "p-cpe:/a:centos:centos:postgresql84-server", "p-cpe:/a:centos:centos:postgresql-test", "p-cpe:/a:centos:centos:postgresql84-python", "p-cpe:/a:centos:centos:postgresql84-test", "p-cpe:/a:centos:centos:postgresql-plperl", "p-cpe:/a:centos:centos:postgresql84-pltcl", "p-cpe:/a:centos:centos:postgresql84-plpython", "p-cpe:/a:centos:centos:postgresql84-tcl", "p-cpe:/a:centos:centos:postgresql-pltcl", "p-cpe:/a:centos:centos:postgresql", "p-cpe:/a:centos:centos:postgresql-plpython", "p-cpe:/a:centos:centos:postgresql84-docs", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:postgresql-libs", "p-cpe:/a:centos:centos:postgresql-devel", "p-cpe:/a:centos:centos:postgresql84-devel", "p-cpe:/a:centos:centos:postgresql84-plperl"], "id": "CENTOS_RHSA-2012-1263.NASL", "href": "https://www.tenable.com/plugins/nessus/62083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1263 and \n# CentOS Errata and Security Advisory 2012:1263 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62083);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(55072, 55074);\n script_xref(name:\"RHSA\", value:\"2012:1263\");\n\n script_name(english:\"CentOS 5 / 6 : postgresql / postgresql84 (CESA-2012:1263)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql84 and postgresql packages that fix two security\nissues are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original\nreporter of CVE-2012-3488, and Noah Misch as the original reporter of\nCVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to\nthe PostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-September/018870.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ce47af9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-September/018874.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc34393d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql and / or postgresql84 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3488\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-contrib-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-devel-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-docs-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-libs-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-plperl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-plpython-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-pltcl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-python-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-server-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-tcl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql84-test-8.4.13-1.el5_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-contrib-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-devel-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-docs-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-libs-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-plperl-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-plpython-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-pltcl-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-server-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"postgresql-test-8.4.13-1.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T11:53:50", "description": "Multiple vulnerabilities has been discovered and corrected in\npostgresql :\n\nPrevent access to external files/URLs via contrib/xml2's\nxslt_process() (Peter Eisentraut). libxslt offers the ability to read\nand write both files and URLs through stylesheet commands, thus\nallowing unprivileged database users to both read and write data with\nthe privileges of the database server. Disable that through proper use\nof libxslt's security options (CVE-2012-3488). Also, remove\nxslt_process()'s ability to fetch documents and stylesheets from\nexternal files/URLs. While this was a documented feature, it was long\nregarded as a bad idea. The fix for CVE-2012-3489 broke that\ncapability, and rather than expend effort on trying to fix it, we're\njust going to summarily remove it.\n\nPrevent access to external files/URLs via XML entity references (Noah\nMisch, Tom Lane). xml_parse() would attempt to fetch external files or\nURLs as needed to resolve DTD and entity references in an XML value,\nthus allowing unprivileged database users to attempt to fetch data\nwith the privileges of the database server. While the external data\nwouldn't get returned directly to the user, portions of it could be\nexposed in error messages if the data didn't parse as valid XML; and\nin any case the mere ability to check existence of a file might be\nuseful to an attacker (CVE-2012-3489).\n\nThis advisory provides the latest versions of PostgreSQL that is not\nvulnerable to these issues.", "edition": 26, "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : postgresql (MDVSA-2012:139)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2012-09-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:postgresql9.0-server", "p-cpe:/a:mandriva:linux:postgresql9.0-plpython", "p-cpe:/a:mandriva:linux:libecpg9.0_6", "p-cpe:/a:mandriva:linux:lib64pq9.0_5", "p-cpe:/a:mandriva:linux:postgresql9.0-pl", "p-cpe:/a:mandriva:linux:postgresql9.0-plperl", "p-cpe:/a:mandriva:linux:postgresql9.0-contrib", "p-cpe:/a:mandriva:linux:lib64ecpg9.0_6", "p-cpe:/a:mandriva:linux:postgresql9.0", "p-cpe:/a:mandriva:linux:postgresql9.0-plpgsql", "p-cpe:/a:mandriva:linux:postgresql9.0-docs", "p-cpe:/a:mandriva:linux:postgresql9.0-pltcl", "p-cpe:/a:mandriva:linux:libpq9.0_5", "p-cpe:/a:mandriva:linux:postgresql9.0-devel"], "id": "MANDRIVA_MDVSA-2012-139.NASL", "href": "https://www.tenable.com/plugins/nessus/61984", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:139. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61984);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(55072, 55074);\n script_xref(name:\"MDVSA\", value:\"2012:139\");\n\n script_name(english:\"Mandriva Linux Security Advisory : postgresql (MDVSA-2012:139)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in\npostgresql :\n\nPrevent access to external files/URLs via contrib/xml2's\nxslt_process() (Peter Eisentraut). libxslt offers the ability to read\nand write both files and URLs through stylesheet commands, thus\nallowing unprivileged database users to both read and write data with\nthe privileges of the database server. Disable that through proper use\nof libxslt's security options (CVE-2012-3488). Also, remove\nxslt_process()'s ability to fetch documents and stylesheets from\nexternal files/URLs. While this was a documented feature, it was long\nregarded as a bad idea. The fix for CVE-2012-3489 broke that\ncapability, and rather than expend effort on trying to fix it, we're\njust going to summarily remove it.\n\nPrevent access to external files/URLs via XML entity references (Noah\nMisch, Tom Lane). xml_parse() would attempt to fetch external files or\nURLs as needed to resolve DTD and entity references in an XML value,\nthus allowing unprivileged database users to attempt to fetch data\nwith the privileges of the database server. While the external data\nwouldn't get returned directly to the user, portions of it could be\nexposed in error messages if the data didn't parse as valid XML; and\nin any case the mere ability to check existence of a file might be\nuseful to an attacker (CVE-2012-3489).\n\nThis advisory provides the latest versions of PostgreSQL that is not\nvulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.postgresql.org/about/news/1407/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.3/release-8-3-20.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/9.0/release-9-0-9.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg9.0_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq9.0_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg9.0_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq9.0_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql9.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64ecpg9.0_6-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64pq9.0_5-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libecpg9.0_6-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libpq9.0_5-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-contrib-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-devel-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-docs-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-pl-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-plperl-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-plpgsql-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-plpython-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-pltcl-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"postgresql9.0-server-9.0.9-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T13:46:50", "description": "It was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\n\nWe would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original\nreporter of CVE-2012-3488, and Noah Misch as the original reporter of\nCVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to\nthe PostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nIf the postgresql service is running, it will be automatically\nrestarted after installing this update.", "edition": 16, "published": "2012-09-15T00:00:00", "title": "Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20120913)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2012-09-15T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:postgresql84-plperl", "p-cpe:/a:fermilab:scientific_linux:postgresql84-plpython", "p-cpe:/a:fermilab:scientific_linux:postgresql-contrib", "p-cpe:/a:fermilab:scientific_linux:postgresql-libs", "p-cpe:/a:fermilab:scientific_linux:postgresql84-tcl", "p-cpe:/a:fermilab:scientific_linux:postgresql84-python", "p-cpe:/a:fermilab:scientific_linux:postgresql84-docs", "p-cpe:/a:fermilab:scientific_linux:postgresql-plpython", "p-cpe:/a:fermilab:scientific_linux:postgresql", "p-cpe:/a:fermilab:scientific_linux:postgresql-server", "p-cpe:/a:fermilab:scientific_linux:postgresql84-contrib", "p-cpe:/a:fermilab:scientific_linux:postgresql84-libs", "p-cpe:/a:fermilab:scientific_linux:postgresql-test", "p-cpe:/a:fermilab:scientific_linux:postgresql84-devel", "p-cpe:/a:fermilab:scientific_linux:postgresql-pltcl", "p-cpe:/a:fermilab:scientific_linux:postgresql-plperl", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:postgresql-docs", "p-cpe:/a:fermilab:scientific_linux:postgresql84", "p-cpe:/a:fermilab:scientific_linux:postgresql-devel", "p-cpe:/a:fermilab:scientific_linux:postgresql84-pltcl", "p-cpe:/a:fermilab:scientific_linux:postgresql84-test", "p-cpe:/a:fermilab:scientific_linux:postgresql84-server"], "id": "SL_20120913_POSTGRESQL_AND_POSTGRESQL84_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/62108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62108);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n\n script_name(english:\"Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20120913)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\n\nWe would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original\nreporter of CVE-2012-3488, and Noah Misch as the original reporter of\nCVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to\nthe PostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nIf the postgresql service is running, it will be automatically\nrestarted after installing this update.\"\n );\n # http://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release-8-4-13.html\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1209&L=scientific-linux-errata&T=0&P=2138\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8085d421\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-contrib-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-devel-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-docs-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-libs-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-plperl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-plpython-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-pltcl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-python-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-server-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-tcl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql84-test-8.4.13-1.el5_8\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"postgresql-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-contrib-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-devel-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-docs-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-libs-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-plperl-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-plpython-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-pltcl-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-server-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"postgresql-test-8.4.13-1.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T12:47:09", "description": "From Red Hat Security Advisory 2012:1263 :\n\nUpdated postgresql84 and postgresql packages that fix two security\nissues are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original\nreporter of CVE-2012-3488, and Noah Misch as the original reporter of\nCVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to\nthe PostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2012-1263)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:postgresql84-plpython", "p-cpe:/a:oracle:linux:postgresql84-plperl", "p-cpe:/a:oracle:linux:postgresql-plpython", "p-cpe:/a:oracle:linux:postgresql84-devel", "p-cpe:/a:oracle:linux:postgresql84-tcl", "p-cpe:/a:oracle:linux:postgresql-plperl", "p-cpe:/a:oracle:linux:postgresql84-pltcl", "p-cpe:/a:oracle:linux:postgresql-contrib", "p-cpe:/a:oracle:linux:postgresql84-libs", "p-cpe:/a:oracle:linux:postgresql84-docs", "p-cpe:/a:oracle:linux:postgresql-pltcl", "p-cpe:/a:oracle:linux:postgresql84-contrib", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-test", "p-cpe:/a:oracle:linux:postgresql84-server", "p-cpe:/a:oracle:linux:postgresql84-python", "p-cpe:/a:oracle:linux:postgresql-devel", "p-cpe:/a:oracle:linux:postgresql-server", "p-cpe:/a:oracle:linux:postgresql84-test", "p-cpe:/a:oracle:linux:postgresql84", "p-cpe:/a:oracle:linux:postgresql-libs"], "id": "ORACLELINUX_ELSA-2012-1263.NASL", "href": "https://www.tenable.com/plugins/nessus/68620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1263 and \n# Oracle Linux Security Advisory ELSA-2012-1263 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68620);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(52188, 53729, 53812, 55072, 55074);\n script_xref(name:\"RHSA\", value:\"2012:1263\");\n\n script_name(english:\"Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2012-1263)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1263 :\n\nUpdated postgresql84 and postgresql packages that fix two security\nissues are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original\nreporter of CVE-2012-3488, and Noah Misch as the original reporter of\nCVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to\nthe PostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-September/003024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-September/003027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql and / or postgresql84 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-contrib-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-devel-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-docs-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-libs-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-plperl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-plpython-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-pltcl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-python-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-server-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-tcl-8.4.13-1.el5_8\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql84-test-8.4.13-1.el5_8\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"postgresql-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-contrib-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-devel-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-docs-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-libs-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-plperl-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-plpython-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-pltcl-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-server-8.4.13-1.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"postgresql-test-8.4.13-1.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-17T13:11:08", "description": "Updated postgresql84 and postgresql packages that fix two security\nissues are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original\nreporter of CVE-2012-3488, and Noah Misch as the original reporter of\nCVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to\nthe PostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.", "edition": 26, "published": "2012-09-14T00:00:00", "title": "RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2012:1263)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2012-09-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-libs", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:postgresql84", "p-cpe:/a:redhat:enterprise_linux:postgresql84-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql84-test", "cpe:/o:redhat:enterprise_linux:6.3", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql84-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql84-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql84-debuginfo", "p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo", "p-cpe:/a:redhat:enterprise_linux:postgresql84-plpython", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql84-python", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:postgresql84-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql84-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql84-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs"], "id": "REDHAT-RHSA-2012-1263.NASL", "href": "https://www.tenable.com/plugins/nessus/62088", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1263. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62088);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(55072, 55074);\n script_xref(name:\"RHSA\", value:\"2012:1263\");\n\n script_name(english:\"RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2012:1263)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql84 and postgresql packages that fix two security\nissues are now available for Red Hat Enterprise Linux 5 and 6\nrespectively.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed\nlocal files and remote URLs to be read and written to with the\nprivileges of the database server when parsing Extensible Stylesheet\nLanguage Transformations (XSLT). An unprivileged database user could\nuse this flaw to read and write to local files (such as the database's\nconfiguration files) and remote URLs they would otherwise not have\naccess to by issuing a specially crafted SQL query. (CVE-2012-3488)\n\nIt was found that the 'xml' data type allowed local files and remote\nURLs to be read with the privileges of the database server to resolve\nDTD and entity references in the provided XML. An unprivileged\ndatabase user could use this flaw to read local files they would\notherwise not have access to by issuing a specially crafted SQL query.\nNote that the full contents of the files were not returned, but\nportions could be displayed to the user via error messages.\n(CVE-2012-3489)\n\nRed Hat would like to thank the PostgreSQL project for reporting these\nissues. Upstream acknowledges Peter Eisentraut as the original\nreporter of CVE-2012-3488, and Noah Misch as the original reporter of\nCVE-2012-3489.\n\nThese updated packages upgrade PostgreSQL to version 8.4.13. Refer to\nthe PostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n # http://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.4/release-8-4-13.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3489\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql84-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1263\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-contrib-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-contrib-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-contrib-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql84-debuginfo-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql84-devel-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-docs-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-docs-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-docs-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql84-libs-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-plperl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-plperl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-plperl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-plpython-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-plpython-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-plpython-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-pltcl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-pltcl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-pltcl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-python-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-python-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-python-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-server-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-server-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-server-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-tcl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-tcl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-tcl-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql84-test-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql84-test-8.4.13-1.el5_8\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql84-test-8.4.13-1.el5_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-contrib-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-contrib-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-contrib-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-debuginfo-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-devel-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-docs-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-docs-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-docs-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"postgresql-libs-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-plperl-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-plperl-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-plperl-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-plpython-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-plpython-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-plpython-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-pltcl-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-pltcl-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-pltcl-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-server-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-server-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-server-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"postgresql-test-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"postgresql-test-8.4.13-1.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"postgresql-test-8.4.13-1.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:09:57", "description": "Update to PostgreSQL 9.1.5, for various fixes described at\nhttp://www.postgresql.org/docs/9.1/static/release-9-1-5.html including\nthe fixes for CVE-2012-3488, CVE-2012-3489\n\nConfigure postmaster to create Unix-domain sockets in both\n/var/run/postgresql and /tmp; the former is now the default place for\nlibpq to contact the postmaster. This works around problems with\nclients running in a PrivateTmp context.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-08-27T00:00:00", "title": "Fedora 17 : postgresql-9.1.5-1.fc17 (2012-12165)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2012-08-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:postgresql"], "id": "FEDORA_2012-12165.NASL", "href": "https://www.tenable.com/plugins/nessus/61672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-12165.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61672);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(55072, 55074);\n script_xref(name:\"FEDORA\", value:\"2012-12165\");\n\n script_name(english:\"Fedora 17 : postgresql-9.1.5-1.fc17 (2012-12165)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to PostgreSQL 9.1.5, for various fixes described at\nhttp://www.postgresql.org/docs/9.1/static/release-9-1-5.html including\nthe fixes for CVE-2012-3488, CVE-2012-3489\n\nConfigure postmaster to create Unix-domain sockets in both\n/var/run/postgresql and /tmp; the former is now the default place for\nlibpq to contact the postmaster. This works around problems with\nclients running in a PrivateTmp context.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.postgresql.org/docs/9.1/static/release-9-1-5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/9.1/release-9-1-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=849172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=849173\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/085606.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?617efb37\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"postgresql-9.1.5-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T04:55:04", "description": "The version of PostgreSQL installed on the remote host is 8.3.x prior\nto 8.3.20, 8.4.x prior to 8.4.13, 9.0.x prior to 9.0.9, or 9.1.x prior\nto 9.1.5. It therefore is potentially affected by multiple\nvulnerabilities :\n\n - A flaw in contrib/xml2's xslt_process can be used to\n read and write arbitrary files. (CVE-2012-3488)\n\n - An xml_parse() DTD validation flaw can be used to read\n arbitrary files. (CVE-2012-3489)", "edition": 29, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}, "published": "2012-12-28T00:00:00", "title": "PostgreSQL 8.3 < 8.3.20 / 8.4 < 8.4.13 / 9.0 < 9.0.9 / 9.1 < 9.1.5 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:postgresql:postgresql"], "id": "POSTGRESQL_20120817.NASL", "href": "https://www.tenable.com/plugins/nessus/63354", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63354);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(55072, 55074);\n\n script_name(english:\"PostgreSQL 8.3 < 8.3.20 / 8.4 < 8.4.13 / 9.0 < 9.0.9 / 9.1 < 9.1.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PostgreSQL\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PostgreSQL installed on the remote host is 8.3.x prior\nto 8.3.20, 8.4.x prior to 8.4.13, 9.0.x prior to 9.0.9, or 9.1.x prior\nto 9.1.5. It therefore is potentially affected by multiple\nvulnerabilities :\n\n - A flaw in contrib/xml2's xslt_process can be used to\n read and write arbitrary files. (CVE-2012-3488)\n\n - An xml_parse() DTD validation flaw can be used to read\n arbitrary files. (CVE-2012-3489)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/about/news/1407/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/8.3/release-8-3-20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/docs/8.4/static/release-8-4-13.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/9.0/release-9-0-9.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/docs/9.1/static/release-9-1-5.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PostgreSQL 8.3.20 / 8.4.13 / 9.0.9 / 9.1.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-3488\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:postgresql:postgresql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"postgresql_version.nbin\");\n script_require_ports(\"Services/postgresql\", 5432);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_service(svc:\"postgresql\", default:5432, exit_on_fail:TRUE);\n\nversion = get_kb_item_or_exit('database/'+port+'/postgresql/version');\nsource = get_kb_item_or_exit('database/'+port+'/postgresql/source');\ndatabase = get_kb_item('database/'+port+'/postgresql/database_name');\n\nget_backport_banner(banner:source);\nif (backported && report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, 'PostgreSQL server');\n\nver = split(version, sep:'.');\nfor (i=0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (ver[0] == 8 && ver[1] == 3 && ver[2] < 20) ||\n (ver[0] == 8 && ver[1] == 4 && ver[2] < 13) ||\n (ver[0] == 9 && ver[1] == 0 && ver[2] < 9) ||\n (ver[0] == 9 && ver[1] == 1 && ver[2] < 5)\n)\n{\n if (report_verbosity > 0)\n {\n report = '';\n if(database)\n report += '\\n Database name : ' + database ;\n report +=\n '\\n Version source : ' + source + \n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.3.20 / 8.4.13 / 9.0.9 / 9.1.5\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, 'PostgreSQL', port, version);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T06:38:09", "description": "Peter Eisentraut discovered that the XSLT functionality in the\noptional XML2 extension would allow unprivileged database users to\nboth read and write data with the privileges of the database server.\n(CVE-2012-3488)\n\nNoah Misch and Tom Lane discovered that the XML functionality in the\noptional XML2 extension would allow unprivileged database users to\nread data with the privileges of the database server. (CVE-2012-3489).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-08-21T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities (USN-1542-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-9.1", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1542-1.NASL", "href": "https://www.tenable.com/plugins/nessus/61607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1542-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61607);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(55072, 55074);\n script_xref(name:\"USN\", value:\"1542-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities (USN-1542-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Peter Eisentraut discovered that the XSLT functionality in the\noptional XML2 extension would allow unprivileged database users to\nboth read and write data with the privileges of the database server.\n(CVE-2012-3488)\n\nNoah Misch and Tom Lane discovered that the XML functionality in the\noptional XML2 extension would allow unprivileged database users to\nread data with the privileges of the database server. (CVE-2012-3489).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1542-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected postgresql-8.3, postgresql-8.4 and / or\npostgresql-9.1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-8.3\", pkgver:\"8.3.20-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.13-0ubuntu10.04\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.13-0ubuntu11.04\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"postgresql-9.1\", pkgver:\"9.1.5-0ubuntu11.10\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"postgresql-9.1\", pkgver:\"9.1.5-0ubuntu12.04\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql-8.3 / postgresql-8.4 / postgresql-9.1\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-01-12T10:09:57", "description": "Update to PostgreSQL 9.1.5, for various fixes described at\nhttp://www.postgresql.org/docs/9.1/static/release-9-1-5.html including\nthe fixes for CVE-2012-3488, CVE-2012-3489\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-08-27T00:00:00", "title": "Fedora 16 : postgresql-9.1.5-1.fc16 (2012-12156)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "modified": "2012-08-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:postgresql", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-12156.NASL", "href": "https://www.tenable.com/plugins/nessus/61671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-12156.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61671);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(55072, 55074);\n script_xref(name:\"FEDORA\", value:\"2012-12156\");\n\n script_name(english:\"Fedora 16 : postgresql-9.1.5-1.fc16 (2012-12156)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to PostgreSQL 9.1.5, for various fixes described at\nhttp://www.postgresql.org/docs/9.1/static/release-9-1-5.html including\nthe fixes for CVE-2012-3488, CVE-2012-3489\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.postgresql.org/docs/9.1/static/release-9-1-5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/9.1/release-9-1-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=849172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=849173\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/085585.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?425bbc10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"postgresql-9.1.5-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2018-01-11T11:06:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Check for the Version of postgresql84", "modified": "2018-01-10T00:00:00", "published": "2012-09-17T00:00:00", "id": "OPENVAS:881490", "href": "http://plugins.openvas.org/nasl.php?oid=881490", "type": "openvas", "title": "CentOS Update for postgresql84 CESA-2012:1263 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql84 CESA-2012:1263 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced object-relational database management system\n (DBMS).\n\n It was found that the optional PostgreSQL xml2 contrib module allowed local\n files and remote URLs to be read and written to with the privileges of the\n database server when parsing Extensible Stylesheet Language Transformations\n (XSLT). An unprivileged database user could use this flaw to read and write\n to local files (such as the database's configuration files) and remote URLs\n they would otherwise not have access to by issuing a specially-crafted SQL\n query. (CVE-2012-3488)\n \n It was found that the "xml" data type allowed local files and remote URLs\n to be read with the privileges of the database server to resolve DTD and\n entity references in the provided XML. An unprivileged database user could\n use this flaw to read local files they would otherwise not have access to\n by issuing a specially-crafted SQL query. Note that the full contents of\n the files were not returned, but portions could be displayed to the user\n via error messages. (CVE-2012-3489)\n \n Red Hat would like to thank the PostgreSQL project for reporting these\n issues. Upstream acknowledges Peter Eisentraut as the original reporter of\n CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.\n \n These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the\n PostgreSQL Release Notes for a list of changes:\n \n <a rel= &qt nofollow &qt href= &qt http://www.postgresql.org/docs/8.4/static/release-8-4-13.html &qt >http://www.postgresql.org/docs/8.4/static/release-8-4-13.html</a>\n \n All PostgreSQL users are advised to upgrade to these updated packages,\n which correct these issues. If the postgresql service is running, it will\n be automatically restarted after installing this update.\";\n\ntag_affected = \"postgresql84 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-September/018870.html\");\n script_id(881490);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-17 16:44:12 +0530 (Mon, 17 Sep 2012)\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2012:1263\");\n script_name(\"CentOS Update for postgresql84 CESA-2012:1263 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of postgresql84\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql84\", rpm:\"postgresql84~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-contrib\", rpm:\"postgresql84-contrib~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-devel\", rpm:\"postgresql84-devel~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-docs\", rpm:\"postgresql84-docs~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-libs\", rpm:\"postgresql84-libs~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-plperl\", rpm:\"postgresql84-plperl~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-plpython\", rpm:\"postgresql84-plpython~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-pltcl\", rpm:\"postgresql84-pltcl~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-python\", rpm:\"postgresql84-python~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-server\", rpm:\"postgresql84-server~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-tcl\", rpm:\"postgresql84-tcl~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-test\", rpm:\"postgresql84-test~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Check for the Version of postgresql and postgresql84", "modified": "2017-12-28T00:00:00", "published": "2012-09-17T00:00:00", "id": "OPENVAS:870832", "href": "http://plugins.openvas.org/nasl.php?oid=870832", "type": "openvas", "title": "RedHat Update for postgresql and postgresql84 RHSA-2012:1263-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for postgresql and postgresql84 RHSA-2012:1263-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced object-relational database management system\n (DBMS).\n\n It was found that the optional PostgreSQL xml2 contrib module allowed local\n files and remote URLs to be read and written to with the privileges of the\n database server when parsing Extensible Stylesheet Language Transformations\n (XSLT). An unprivileged database user could use this flaw to read and write\n to local files (such as the database's configuration files) and remote URLs\n they would otherwise not have access to by issuing a specially-crafted SQL\n query. (CVE-2012-3488)\n\n It was found that the "xml" data type allowed local files and remote URLs\n to be read with the privileges of the database server to resolve DTD and\n entity references in the provided XML. An unprivileged database user could\n use this flaw to read local files they would otherwise not have access to\n by issuing a specially-crafted SQL query. Note that the full contents of\n the files were not returned, but portions could be displayed to the user\n via error messages. (CVE-2012-3489)\n\n Red Hat would like to thank the PostgreSQL project for reporting these\n issues. Upstream acknowledges Peter Eisentraut as the original reporter of\n CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.\n\n These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the\n PostgreSQL Release Notes for a list of changes:\n http://www.postgresql.org/docs/8.4/static/release-8-4-13.html\n\n All PostgreSQL users are advised to upgrade to these updated packages,\n which correct these issues. If the postgresql service is running, it will\n be automatically restarted after installing this update.\";\n\ntag_affected = \"postgresql and postgresql84 on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-September/msg00018.html\");\n script_id(870832);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-17 16:41:55 +0530 (Mon, 17 Sep 2012)\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2012:1263-01\");\n script_name(\"RedHat Update for postgresql and postgresql84 RHSA-2012:1263-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of postgresql and postgresql84\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.4.13~1.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql84\", rpm:\"postgresql84~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-contrib\", rpm:\"postgresql84-contrib~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-debuginfo\", rpm:\"postgresql84-debuginfo~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-devel\", rpm:\"postgresql84-devel~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-docs\", rpm:\"postgresql84-docs~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-libs\", rpm:\"postgresql84-libs~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-plperl\", rpm:\"postgresql84-plperl~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-plpython\", rpm:\"postgresql84-plpython~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-pltcl\", rpm:\"postgresql84-pltcl~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-python\", rpm:\"postgresql84-python~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-server\", rpm:\"postgresql84-server~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-tcl\", rpm:\"postgresql84-tcl~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-test\", rpm:\"postgresql84-test~8.4.13~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Oracle Linux Local Security Checks ELSA-2012-1263", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123822", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1263", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1263.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123822\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:01 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1263\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1263 - postgresql and postgresql84 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1263\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1263.html\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"postgresql84\", rpm:\"postgresql84~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-contrib\", rpm:\"postgresql84-contrib~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-devel\", rpm:\"postgresql84-devel~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-docs\", rpm:\"postgresql84-docs~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-libs\", rpm:\"postgresql84-libs~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-plperl\", rpm:\"postgresql84-plperl~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-plpython\", rpm:\"postgresql84-plpython~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-pltcl\", rpm:\"postgresql84-pltcl~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-python\", rpm:\"postgresql84-python~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-server\", rpm:\"postgresql84-server~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-tcl\", rpm:\"postgresql84-tcl~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql84-test\", rpm:\"postgresql84-test~8.4.13~1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.4.13~1.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:39:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-08-21T00:00:00", "id": "OPENVAS:1361412562310831725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831725", "type": "openvas", "title": "Mandriva Update for postgresql MDVSA-2012:139 (postgresql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for postgresql MDVSA-2012:139 (postgresql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:139\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831725\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-21 11:46:08 +0530 (Tue, 21 Aug 2012)\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_xref(name:\"MDVSA\", value:\"2012:139\");\n script_name(\"Mandriva Update for postgresql MDVSA-2012:139 (postgresql)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'postgresql'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"postgresql on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in\n postgresql:\n\n Prevent access to external files/URLs via contrib/xml2's xslt_process()\n (Peter Eisentraut). libxslt offers the ability to read and write both\n files and URLs through stylesheet commands, thus allowing unprivileged\n database users to both read and write data with the privileges of the\n database server. Disable that through proper use of libxslt's security\n options (CVE-2012-3488). Also, remove xslt_process()'s ability to\n fetch documents and stylesheets from external files/URLs. While this\n was a documented feature, it was long regarded as a bad idea. The\n fix for CVE-2012-3489 broke that capability, and rather than expend\n effort on trying to fix it, we're just going to summarily remove it.\n\n Prevent access to external files/URLs via XML entity references (Noah\n Misch, Tom Lane). xml_parse() would attempt to fetch external files or\n URLs as needed to resolve DTD and entity references in an XML value,\n thus allowing unprivileged database users to attempt to fetch data\n with the privileges of the database server. While the external data\n wouldn't get returned directly to the user, portions of it could\n be exposed in error messages if the data didn't parse as valid XML.\n And in any case the mere ability to check existence of a file might\n be useful to an attacker (CVE-2012-3489).\n\n This advisory provides the latest versions of PostgreSQL that is not\n vulnerable to these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg9.0_6\", rpm:\"libecpg9.0_6~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq9.0_5\", rpm:\"libpq9.0_5~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0\", rpm:\"postgresql9.0~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-contrib\", rpm:\"postgresql9.0-contrib~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-devel\", rpm:\"postgresql9.0-devel~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-docs\", rpm:\"postgresql9.0-docs~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-pl\", rpm:\"postgresql9.0-pl~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-plperl\", rpm:\"postgresql9.0-plperl~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-plpgsql\", rpm:\"postgresql9.0-plpgsql~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-plpython\", rpm:\"postgresql9.0-plpython~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-pltcl\", rpm:\"postgresql9.0-pltcl~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql9.0-server\", rpm:\"postgresql9.0-server~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg9.0_6\", rpm:\"lib64ecpg9.0_6~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq9.0_5\", rpm:\"lib64pq9.0_5~9.0.9~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.3_6\", rpm:\"libecpg8.3_6~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.3_5\", rpm:\"libpq8.3_5~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3\", rpm:\"postgresql8.3~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-contrib\", rpm:\"postgresql8.3-contrib~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-devel\", rpm:\"postgresql8.3-devel~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-docs\", rpm:\"postgresql8.3-docs~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pl\", rpm:\"postgresql8.3-pl~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plperl\", rpm:\"postgresql8.3-plperl~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpgsql\", rpm:\"postgresql8.3-plpgsql~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpython\", rpm:\"postgresql8.3-plpython~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pltcl\", rpm:\"postgresql8.3-pltcl~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-server\", rpm:\"postgresql8.3-server~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.3_6\", rpm:\"lib64ecpg8.3_6~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.3_5\", rpm:\"lib64pq8.3_5~8.3.20~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-09-17T00:00:00", "id": "OPENVAS:1361412562310881490", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881490", "type": "openvas", "title": "CentOS Update for postgresql84 CESA-2012:1263 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql84 CESA-2012:1263 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881490\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-17 16:44:12 +0530 (Mon, 17 Sep 2012)\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_xref(name:\"CESA\", value:\"2012:1263\");\n script_name(\"CentOS Update for postgresql84 CESA-2012:1263 centos5\");\n\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-September/018870.html\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/docs/8.4/static/release-8-4-13.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'postgresql84'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"postgresql84 on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"PostgreSQL is an advanced object-relational database management system\n (DBMS).\n\n It was found that the optional PostgreSQL xml2 contrib module allowed local\n files and remote URLs to be read and written to with the privileges of the\n database server when parsing Extensible Stylesheet Language Transformations\n (XSLT). An unprivileged database user could use this flaw to read and write\n to local files (such as the database's configuration files) and remote URLs\n they would otherwise not have access to by issuing a specially-crafted SQL\n query. (CVE-2012-3488)\n\n It was found that the 'xml' data type allowed local files and remote URLs\n to be read with the privileges of the database server to resolve DTD and\n entity references in the provided XML. An unprivileged database user could\n use this flaw to read local files they would otherwise not have access to\n by issuing a specially-crafted SQL query. Note that the full contents of\n the files were not returned, but portions could be displayed to the user\n via error messages. (CVE-2012-3489)\n\n Red Hat would like to thank the PostgreSQL project for reporting these\n issues. Upstream acknowledges Peter Eisentraut as the original reporter of\n CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.\n\n These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the\n linked PostgreSQL Release Notes for a list of changes.\n\n All PostgreSQL users are advised to upgrade to these updated packages,\n which correct these issues. If the postgresql service is running, it will\n be automatically restarted after installing this update.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql84\", rpm:\"postgresql84~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-contrib\", rpm:\"postgresql84-contrib~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-devel\", rpm:\"postgresql84-devel~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-docs\", rpm:\"postgresql84-docs~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-libs\", rpm:\"postgresql84-libs~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-plperl\", rpm:\"postgresql84-plperl~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-plpython\", rpm:\"postgresql84-plpython~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-pltcl\", rpm:\"postgresql84-pltcl~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-python\", rpm:\"postgresql84-python~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-server\", rpm:\"postgresql84-server~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-tcl\", rpm:\"postgresql84-tcl~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql84-test\", rpm:\"postgresql84-test~8.4.13~1.el5_8\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1542-1", "modified": "2019-03-13T00:00:00", "published": "2012-08-21T00:00:00", "id": "OPENVAS:1361412562310841120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841120", "type": "openvas", "title": "Ubuntu Update for postgresql-9.1 USN-1542-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1542_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for postgresql-9.1 USN-1542-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1542-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841120\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-21 11:45:11 +0530 (Tue, 21 Aug 2012)\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1542-1\");\n script_name(\"Ubuntu Update for postgresql-9.1 USN-1542-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1542-1\");\n script_tag(name:\"affected\", value:\"postgresql-9.1 on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Peter Eisentraut discovered that the XSLT functionality in the optional\n XML2 extension would allow unprivileged database users to both read and\n write data with the privileges of the database server. (CVE-2012-3488)\n\n Noah Misch and Tom Lane discovered that the XML functionality in the\n optional XML2 extension would allow unprivileged database users to\n read data with the privileges of the database server. (CVE-2012-3489)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.13-0ubuntu10.04\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1.5-0ubuntu12.04\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1.5-0ubuntu11.10\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.13-0ubuntu11.04\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.20-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2017-07-24T12:51:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Two vulnerabilities related to XML processing were discovered in\nPostgreSQL, an SQL database.\n\nCVE-2012-3488contrib/xml2's xslt_process() can be used to read and write\nexternal files and URLs.\n\nCVE-2012-3489xml_parse() fetches external files or URLs to resolve DTD and\nentity references in XML values.\n\nThis update removes the problematic functionality, potentially\nbreaking applications which use it in a legitimate way.\n\nDue to the nature of these vulnerabilities, it is possible that\nattackers who have only indirect access to the database can supply\ncrafted XML data which exploits this vulnerability.", "modified": "2017-07-07T00:00:00", "published": "2013-09-18T00:00:00", "id": "OPENVAS:892534", "href": "http://plugins.openvas.org/nasl.php?oid=892534", "type": "openvas", "title": "Debian Security Advisory DSA 2534-1 (postgresql-8.4 - several vulnerabilities)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2534_1.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2534-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"postgresql-8.4 on Debian Linux\";\ntag_insight = \"PostgreSQL is a fully featured object-relational database management\nsystem. It supports a large part of the SQL standard and is designed\nto be extensible by users in many aspects. Some of the features are:\nACID transactions, foreign keys, views, sequences, subqueries,\ntriggers, user-defined types and functions, outer joins, multiversion\nconcurrency control. Graphical user interfaces and bindings for many\nprogramming languages are available as well.\";\ntag_solution = \"For the stable distribution (squeeze), these problems have been fixed\nin version 8.4.13-0squeeze1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.1.5-1 of the postgresql-9.1 package.\n\nWe recommend that you upgrade your postgresql-8.4 packages.\";\ntag_summary = \"Two vulnerabilities related to XML processing were discovered in\nPostgreSQL, an SQL database.\n\nCVE-2012-3488contrib/xml2's xslt_process() can be used to read and write\nexternal files and URLs.\n\nCVE-2012-3489xml_parse() fetches external files or URLs to resolve DTD and\nentity references in XML values.\n\nThis update removes the problematic functionality, potentially\nbreaking applications which use it in a legitimate way.\n\nDue to the nature of these vulnerabilities, it is possible that\nattackers who have only indirect access to the database can supply\ncrafted XML data which exploits this vulnerability.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892534);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-3489\", \"CVE-2012-3488\");\n script_name(\"Debian Security Advisory DSA 2534-1 (postgresql-8.4 - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 11:53:02 +0200 (Wed, 18 Sep 2013)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2012/dsa-2534.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-8.4\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.4\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-8.4\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.4\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.4\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.4\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.4\", ver:\"8.4.13-0squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:19:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1542-1", "modified": "2017-12-01T00:00:00", "published": "2012-08-21T00:00:00", "id": "OPENVAS:841120", "href": "http://plugins.openvas.org/nasl.php?oid=841120", "type": "openvas", "title": "Ubuntu Update for postgresql-9.1 USN-1542-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1542_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for postgresql-9.1 USN-1542-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Peter Eisentraut discovered that the XSLT functionality in the optional\n XML2 extension would allow unprivileged database users to both read and\n write data with the privileges of the database server. (CVE-2012-3488)\n\n Noah Misch and Tom Lane discovered that the XML functionality in the\n optional XML2 extension would allow unprivileged database users to\n read data with the privileges of the database server. (CVE-2012-3489)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1542-1\";\ntag_affected = \"postgresql-9.1 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1542-1/\");\n script_id(841120);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-21 11:45:11 +0530 (Tue, 21 Aug 2012)\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1542-1\");\n script_name(\"Ubuntu Update for postgresql-9.1 USN-1542-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.13-0ubuntu10.04\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1.5-0ubuntu12.04\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-9.1\", ver:\"9.1.5-0ubuntu11.10\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.13-0ubuntu11.04\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.20-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-01-29T20:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "This host is installed with PostgreSQL and is prone to multiple\n vulnerabilities.", "modified": "2020-01-28T00:00:00", "published": "2013-01-24T00:00:00", "id": "OPENVAS:1361412562310803219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803219", "type": "openvas", "title": "PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803219\");\n script_version(\"2020-01-28T13:26:39+0000\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_bugtraq_id(55072, 55074);\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 13:26:39 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-01-24 17:08:52 +0530 (Thu, 24 Jan 2013)\");\n script_name(\"PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/50218\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1027408\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/about/news/1407\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"postgresql_detect.nasl\", \"secpod_postgresql_detect_lin.nasl\", \"secpod_postgresql_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"postgresql/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to modify data, obtain sensitive\n information or trigger outbound traffic to arbitrary external hosts.\");\n\n script_tag(name:\"affected\", value:\"PostgreSQL versions 8.3 before 8.3.20, 8.4 before 8.4.13,\n 9.0 before 9.0.9, and 9.1 before 9.1.5 on Windows.\");\n\n script_tag(name:\"insight\", value:\"- An error exists within the 'xml_parse()' function when parsing DTD data\n within XML documents.\n\n - An error exists within the 'xslt_process()' when parsing XSLT style sheets.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PostgreSQL 8.3.20, 8.4.13, 9.0.9 or 9.1.5 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PostgreSQL and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\nloc = infos[\"location\"];\nif(vers !~ \"^[89]\\.\")\n exit(99);\n\nif(version_in_range(version:vers, test_version:\"8.3\", test_version2:\"8.3.19\") ||\n version_in_range(version:vers, test_version:\"8.4\", test_version2:\"8.4.12\") ||\n version_in_range(version:vers, test_version:\"9.0\", test_version2:\"9.0.8\") ||\n version_in_range(version:vers, test_version:\"9.1\", test_version2:\"9.1.4\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"See references\", install_path:loc);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2018-01-11T11:07:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "Check for the Version of postgresql", "modified": "2018-01-09T00:00:00", "published": "2012-09-17T00:00:00", "id": "OPENVAS:881502", "href": "http://plugins.openvas.org/nasl.php?oid=881502", "type": "openvas", "title": "CentOS Update for postgresql CESA-2012:1263 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql CESA-2012:1263 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced object-relational database management system\n (DBMS).\n\n It was found that the optional PostgreSQL xml2 contrib module allowed local\n files and remote URLs to be read and written to with the privileges of the\n database server when parsing Extensible Stylesheet Language Transformations\n (XSLT). An unprivileged database user could use this flaw to read and write\n to local files (such as the database's configuration files) and remote URLs\n they would otherwise not have access to by issuing a specially-crafted SQL\n query. (CVE-2012-3488)\n \n It was found that the "xml" data type allowed local files and remote URLs\n to be read with the privileges of the database server to resolve DTD and\n entity references in the provided XML. An unprivileged database user could\n use this flaw to read local files they would otherwise not have access to\n by issuing a specially-crafted SQL query. Note that the full contents of\n the files were not returned, but portions could be displayed to the user\n via error messages. (CVE-2012-3489)\n \n Red Hat would like to thank the PostgreSQL project for reporting these\n issues. Upstream acknowledges Peter Eisentraut as the original reporter of\n CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.\n \n These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the\n PostgreSQL Release Notes for a list of changes:\n \n <a rel= &qt nofollow &qt href= &qt http://www.postgresql.org/docs/8.4/static/release-8-4-13.html &qt >http://www.postgresql.org/docs/8.4/static/release-8-4-13.html</a>\n \n All PostgreSQL users are advised to upgrade to these updated packages,\n which correct these issues. If the postgresql service is running, it will\n be automatically restarted after installing this update.\";\n\ntag_affected = \"postgresql on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-September/018874.html\");\n script_id(881502);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-17 16:50:31 +0530 (Mon, 17 Sep 2012)\");\n script_cve_id(\"CVE-2012-3488\", \"CVE-2012-3489\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2012:1263\");\n script_name(\"CentOS Update for postgresql CESA-2012:1263 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.4.13~1.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "amazon": [{"lastseen": "2020-11-10T12:35:43", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "**Issue Overview:**\n\nIt was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and write to local files (such as the database's configuration files) and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query. ([CVE-2012-3488 __](<https://access.redhat.com/security/cve/CVE-2012-3488>))\n\nIt was found that the \"xml\" data type allowed local files and remote URLs to be read with the privileges of the database server to resolve DTD and entity references in the provided XML. An unprivileged database user could use this flaw to read local files they would otherwise not have access to by issuing a specially-crafted SQL query. Note that the full contents of the files were not returned, but portions could be displayed to the user via error messages. ([CVE-2012-3489 __](<https://access.redhat.com/security/cve/CVE-2012-3489>))\n\n \n**Affected Packages:** \n\n\npostgresql8\n\n \n**Issue Correction:** \nRun _yum update postgresql8_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n postgresql8-debuginfo-8.4.13-1.37.amzn1.i686 \n postgresql8-plperl-8.4.13-1.37.amzn1.i686 \n postgresql8-pltcl-8.4.13-1.37.amzn1.i686 \n postgresql8-devel-8.4.13-1.37.amzn1.i686 \n postgresql8-plpython-8.4.13-1.37.amzn1.i686 \n postgresql8-8.4.13-1.37.amzn1.i686 \n postgresql8-server-8.4.13-1.37.amzn1.i686 \n postgresql8-contrib-8.4.13-1.37.amzn1.i686 \n postgresql8-libs-8.4.13-1.37.amzn1.i686 \n postgresql8-docs-8.4.13-1.37.amzn1.i686 \n postgresql8-test-8.4.13-1.37.amzn1.i686 \n \n src: \n postgresql8-8.4.13-1.37.amzn1.src \n \n x86_64: \n postgresql8-8.4.13-1.37.amzn1.x86_64 \n postgresql8-server-8.4.13-1.37.amzn1.x86_64 \n postgresql8-plpython-8.4.13-1.37.amzn1.x86_64 \n postgresql8-libs-8.4.13-1.37.amzn1.x86_64 \n postgresql8-docs-8.4.13-1.37.amzn1.x86_64 \n postgresql8-debuginfo-8.4.13-1.37.amzn1.x86_64 \n postgresql8-plperl-8.4.13-1.37.amzn1.x86_64 \n postgresql8-contrib-8.4.13-1.37.amzn1.x86_64 \n postgresql8-devel-8.4.13-1.37.amzn1.x86_64 \n postgresql8-pltcl-8.4.13-1.37.amzn1.x86_64 \n postgresql8-test-8.4.13-1.37.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-09-22T21:38:00", "published": "2012-09-22T21:38:00", "id": "ALAS-2012-129", "href": "https://alas.aws.amazon.com/ALAS-2012-129.html", "title": "Medium: postgresql8", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-11-10T12:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3488"], "description": "**Issue Overview:**\n\nThe libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. \n\n \n**Affected Packages:** \n\n\npostgresql9\n\n \n**Issue Correction:** \nRun _yum update postgresql9_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n postgresql9-devel-9.1.5-1.23.amzn1.i686 \n postgresql9-docs-9.1.5-1.23.amzn1.i686 \n postgresql9-test-9.1.5-1.23.amzn1.i686 \n postgresql9-pltcl-9.1.5-1.23.amzn1.i686 \n postgresql9-9.1.5-1.23.amzn1.i686 \n postgresql9-debuginfo-9.1.5-1.23.amzn1.i686 \n postgresql9-plperl-9.1.5-1.23.amzn1.i686 \n postgresql9-plpython-9.1.5-1.23.amzn1.i686 \n postgresql9-contrib-9.1.5-1.23.amzn1.i686 \n postgresql9-server-9.1.5-1.23.amzn1.i686 \n postgresql9-libs-9.1.5-1.23.amzn1.i686 \n \n src: \n postgresql9-9.1.5-1.23.amzn1.src \n \n x86_64: \n postgresql9-devel-9.1.5-1.23.amzn1.x86_64 \n postgresql9-server-9.1.5-1.23.amzn1.x86_64 \n postgresql9-plperl-9.1.5-1.23.amzn1.x86_64 \n postgresql9-9.1.5-1.23.amzn1.x86_64 \n postgresql9-pltcl-9.1.5-1.23.amzn1.x86_64 \n postgresql9-libs-9.1.5-1.23.amzn1.x86_64 \n postgresql9-docs-9.1.5-1.23.amzn1.x86_64 \n postgresql9-test-9.1.5-1.23.amzn1.x86_64 \n postgresql9-debuginfo-9.1.5-1.23.amzn1.x86_64 \n postgresql9-contrib-9.1.5-1.23.amzn1.x86_64 \n postgresql9-plpython-9.1.5-1.23.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-09-04T10:23:00", "published": "2012-09-04T10:23:00", "id": "ALAS-2012-121", "href": "https://alas.aws.amazon.com/ALAS-2012-121.html", "title": "Medium: postgresql9", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:19:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2534-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nAugust 25, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : postgresql-8.4\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-3488 CVE-2012-3489\n\nTwo vulnerabilities related to XML processing were discovered in\nPostgreSQL, an SQL database.\n\nCVE-2012-3488\n\tcontrib/xml2's xslt_process() can be used to read and write\n\texternal files and URLs.\n\nCVE-2012-3489\n\txml_parse() fetches external files or URLs to resolve DTD and\n\tentity references in XML values.\n\nThis update removes the problematic functionality, potentially\nbreaking applications which use it in a legitimate way.\n\nDue to the natural of these vulnerabilities, it is possible that\nattackers who have only indirect address to the database can supply\ncrafted XML data which exploits this vulnerability.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 8.4.13-0squeeze1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 9.1.5-1 of the postgresql-9.1 package.\n\nWe recommend that you upgrade your postgresql-8.4 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-08-25T16:24:42", "published": "2012-08-25T16:24:42", "id": "DEBIAN:DSA-2534-1:75E4E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00175.html", "title": "[SECURITY] [DSA 2534-1] postgresql-8.4 security update", "type": "debian", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3489", "CVE-2012-3488"], "description": "\nThe PostgreSQL Global Development Group reports:\n\nThe PostgreSQL Global Development Group today released\n\t security updates for all active branches of the PostgreSQL\n\t database system, including versions 9.1.5, 9.0.9, 8.4.13 and\n\t 8.3.20. This update patches security holes associated with\n\t libxml2 and libxslt, similar to those affecting other open\n\t source projects. All users are urged to update their\n\t installations at the first available opportunity\nUsers who are relying on the built-in XML functionality to\n\t validate external DTDs will need to implement a workaround, as\n\t this security patch disables that functionality. Users who are\n\t using xslt_process() to fetch documents or stylesheets from\n\t external URLs will no longer be able to do so. The PostgreSQL\n\t project regrets the need to disable both of these features in\n\t order to maintain our security standards. These security issues\n\t with XML are substantially similar to issues patched recently\n\t by the Webkit (CVE-2011-1774), XMLsec (CVE-2011-1425) and PHP5\n\t (CVE-2012-0057) projects.\n\n", "edition": 4, "modified": "2012-08-17T00:00:00", "published": "2012-08-17T00:00:00", "id": "07234E78-E899-11E1-B38D-0023AE8E59F0", "href": "https://vuxml.freebsd.org/freebsd/07234e78-e899-11e1-b38d-0023ae8e59f0.html", "title": "databases/postgresql*-server -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2143", "CVE-2012-2655", "CVE-2012-3488", "CVE-2012-3489"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBM S). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. ", "modified": "2012-08-26T00:26:12", "published": "2012-08-26T00:26:12", "id": "FEDORA:395CD20919", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: postgresql-9.1.5-1.fc17", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2143", "CVE-2012-2655", "CVE-2012-3488", "CVE-2012-3489", "CVE-2013-0255"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBM S). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. ", "modified": "2013-02-17T03:30:04", "published": "2013-02-17T03:30:04", "id": "FEDORA:8ECC221371", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: postgresql-9.1.8-1.fc17", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0866", "CVE-2012-0867", "CVE-2012-0868", "CVE-2012-2143", "CVE-2012-2655", "CVE-2012-3488", "CVE-2012-3489"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBM S). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. ", "modified": "2012-08-26T00:21:52", "published": "2012-08-26T00:21:52", "id": "FEDORA:D603620A52", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: postgresql-9.1.5-1.fc16", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2143", "CVE-2012-2655", "CVE-2012-3488", "CVE-2012-3489", "CVE-2013-0255", "CVE-2013-1899", "CVE-2013-1900", "CVE-2013-1901"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBM S). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. ", "modified": "2013-04-05T23:11:53", "published": "2013-04-05T23:11:53", "id": "FEDORA:DCB782141F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:49:33", "description": "Bugtraq ID:55074\r\nCVE ID: CVE-2012-3489\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\nPostgreSQL\u89e3\u6790XML\u6587\u6863\u4e2d\u7684DTD\u6570\u636e\u65f6"xml_parse()"\u51fd\u6570\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u88ab\u5229\u7528\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\n0\nPostgreSQL 8.x\r\nPostgreSQL 9.x\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\nPostgreSQL 9.1.5, 9.0.9, 8.4.13\u62168.3.20\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.postgresql.org", "published": "2012-08-21T00:00:00", "type": "seebug", "title": "PostgreSQL 'xml_parse()'\u4efb\u610f\u6587\u4ef6\u8bbf\u95ee\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3489"], "modified": "2012-08-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60335", "id": "SSV:60335", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T17:54:18", "description": "Bugtraq ID:55072\r\nCVE ID: CVE-2012-3488\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\nPostgreSQL\u89e3\u6790XSLT\u6837\u5f0f\u8868\u65f6"xslt_process()"\u51fd\u6570\u5b58\u5728\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u521b\u5efa\u6216\u8986\u76d6\u4efb\u610f\u6587\u4ef6\u3002\n0\nPostgreSQL 8.x\r\nPostgreSQL 9.x\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\nPostgreSQL 9.1.5, 9.0.9, 8.4.13\u62168.3.20\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.postgresql.org", "published": "2012-08-21T00:00:00", "type": "seebug", "title": "PostgreSQL 'xslt_process()'\u4efb\u610f\u6587\u4ef6\u521b\u5efa\u6216\u8986\u76d6\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3488"], "modified": "2012-08-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60334", "id": "SSV:60334", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0867", "CVE-2012-3489", "CVE-2012-2143", "CVE-2012-3488", "CVE-2012-2655", "CVE-2012-0866", "CVE-2012-0868"], "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could spoof SSL connections. Furthermore, a remote authenticated attacker could cause a Denial of Service, read and write arbitrary files, inject SQL commands into dump scripts, or bypass database restrictions to execute database functions. \n\nA context-dependent attacker could more easily obtain access via authentication attempts with an initial substring of the intended password. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 9.1 server users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-9.1.5\"\n \n\nAll PostgreSQL 9.0 server users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-9.0.9\"\n \n\nAll PostgreSQL 8.4 server users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-8.4.13\"\n \n\nAll PostgreSQL 8.3 server users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-server-8.3.20\"", "edition": 1, "modified": "2014-01-20T00:00:00", "published": "2012-09-28T00:00:00", "id": "GLSA-201209-24", "href": "https://security.gentoo.org/glsa/201209-24", "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
