{"cve": [{"lastseen": "2019-05-29T18:09:58", "bulletinFamily": "NVD", "description": "Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.", "modified": "2017-09-29T01:34:00", "id": "CVE-2009-1341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1341", "published": "2009-04-30T20:30:00", "title": "CVE-2009-1341", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:09:57", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.", "modified": "2017-09-29T01:33:00", "id": "CVE-2009-0663", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0663", "published": "2009-04-30T20:30:00", "title": "CVE-2009-0663", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:22", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1780-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nApril 28, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : libdbd-pg-perl\nVulnerability : several\nProblem type : local (remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-0663 CVE-2009-134\n\nTwo vulnerabilities have been discovered in libdbd-pg-perl, the DBI\ndriver module for PostgreSQL database access (DBD::Pg).\n\nCVE-2009-0663\n\n A heap-based buffer overflow may allow attackers to execute arbitrary\n code through applications which read rows from the database using the\n pg_getline and getline functions. (More common retrieval methods,\n such as selectall_arrayref and fetchrow_array, are not affected.)\n\nCVE-2009-1341\n\n A memory leak in the routine which unquotes BYTEA values returned from\n the database allows attackers to cause a denial of service.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.49-2+etch1.\n\nFor the stable distribution (lenny) and the unstable distribution (sid),\nthese problems have been fixed in version 2.1.3-1 before the release of\nlenny.\n\nWe recommend that you upgrade your libdbd-pg-perl package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49.orig.tar.gz\n Size/MD5 checksum: 147310 76b9d6a2f4cbaefcba23380f83998215\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz\n Size/MD5 checksum: 7869 56a99e2007bf916001c3f25e666b5eb1\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.dsc\n Size/MD5 checksum: 1137 27572a9adacd09243cbc9a6cbd8b32cf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_amd64.deb\n Size/MD5 checksum: 131228 f4c6b39a15df7b264e4fec6c84348a00\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_arm.deb\n Size/MD5 checksum: 125596 071c0261e3c53c0c58d7c49deda91c4d\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_hppa.deb\n Size/MD5 checksum: 136324 c523cf9f116595cf92087694018eeaeb\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_i386.deb\n Size/MD5 checksum: 128756 99639a5e94713216d7ab656569c3a1d9\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_ia64.deb\n Size/MD5 checksum: 155694 5cc52a6a7a2f20659a7c1a0a2202b4c9\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_mips.deb\n Size/MD5 checksum: 116780 da0d63d78a9b71edf49a49d9ca931887\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_mipsel.deb\n Size/MD5 checksum: 116568 e23a1521db5192b9029d67c8f05bfd8f\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_powerpc.deb\n Size/MD5 checksum: 131058 2dfd7e0569b0b712dcdc195788a86c9b\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_s390.deb\n Size/MD5 checksum: 123850 a42d01e742d27217d859c883c2a38ef1\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_sparc.deb\n Size/MD5 checksum: 129566 f4194cffcb723109eea117e1397d1e43\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-04-28T18:35:01", "published": "2009-04-28T18:35:01", "id": "DEBIAN:DSA-1780-1:47506", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00091.html", "title": "[SECURITY] [DSA 1780-1] New libdbd-pg-perl packages fix potential code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:34", "bulletinFamily": "unix", "description": "Perl DBI is a database access Application Programming Interface (API) for\nthe Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline function\nimplementation. If the pg_getline or getline functions read large,\nuntrusted records from a database, it could cause an application using\nthese functions to crash or, possibly, execute arbitrary code.\n(CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data than\nspecified by its second argument, as this argument will be ignored. This is\nconsistent with current upstream behavior. Previously, the length limit\n(the second argument) was not enforced, allowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting of\nBYTEA type values acquired from a database. An attacker able to cause an\napplication using perl-DBD-Pg to perform a large number of SQL queries\nreturning BYTEA records, could cause the application to use excessive\namounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated package,\nwhich contains backported patches to fix these issues. Applications using\nperl-DBD-Pg must be restarted for the update to take effect.", "modified": "2017-09-08T11:54:42", "published": "2009-05-13T04:00:00", "id": "RHSA-2009:0479", "href": "https://access.redhat.com/errata/RHSA-2009:0479", "type": "redhat", "title": "(RHSA-2009:0479) Moderate: perl-DBD-Pg security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:39", "bulletinFamily": "unix", "description": "Red Hat Application Stack v2.3 is an integrated open source application\nstack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise\nApplication Platform (EAP). JBoss EAP is provided through the JBoss EAP\nchannels on the Red Hat Network.\n\nThis update fixes the following security issues:\n\nA heap-based buffer overflow flaw was discovered in the perl-DBD-Pg\npg_getline function implementation. If the pg_getline or getline functions\nread large, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute arbitrary\ncode. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data than\nspecified by its second argument, as this argument will be ignored. This is\nconsistent with current upstream behavior. Previously, the length limit\n(the second argument) was not enforced, allowing a buffer overflow.\n\nA memory leak flaw was found in the perl-DBD-Pg function performing the\nde-quoting of BYTEA type values acquired from a database. An attacker able\nto cause an application using perl-DBD-Pg to perform a large number of SQL\nqueries returning BYTEA records, could cause the application to use\nexcessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nMySQL was updated to version 5.0.79, fixing the following security issues:\n\nA flaw was found in the way MySQL handles an empty bit-string literal. A\nremote, authenticated attacker could crash the MySQL server daemon (mysqld)\nif they used an empty bit-string literal in an SQL statement. This issue\nonly caused a temporary denial of service, as the MySQL daemon was\nautomatically restarted after the crash. (CVE-2008-3963)\n\nIt was discovered that the Red Hat Security Advisory RHSA-2008:0505, for\nRed Hat Application Stack v2.1, provided an incomplete fix for the flaw\nwhere MySQL did not correctly check directories used as arguments for the\nDATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an\nauthenticated attacker could elevate their access privileges to tables\ncreated by other database users. Note: This attack does not work on\nexisting tables. An attacker can only elevate their access to another\nuser's tables as the tables are created. As well, the names of these\ncreated tables need to be predicted correctly for this attack to succeed.\n(CVE-2008-4098)\n\nPostgreSQL was updated to version 8.2.13, fixing the following security\nissue:\n\nA flaw was found in the way PostgreSQL handles encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. (CVE-2009-0922)\n\nAlso, the following packages have been updated:\n\n* httpd to 2.2.11\n* mysql-connector-odbc to 3.51.27r695\n* perl-DBD-MySQL to 4.010-1.el5s2\n* php to 5.2.9\n* postgresql-jdbc to 8.2.509\n* postgresqlclient81 to 8.1.17\n\nAll users should upgrade to these updated packages, which resolve these\nissues. Users must restart the individual services, including postgresql,\nmysqld, and httpd, for this update to take effect.", "modified": "2019-03-22T23:44:33", "published": "2009-05-26T04:00:00", "id": "RHSA-2009:1067", "href": "https://access.redhat.com/errata/RHSA-2009:1067", "type": "redhat", "title": "(RHSA-2009:1067) Moderate: Red Hat Application Stack v2.3 security and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-04-06T11:39:50", "bulletinFamily": "scanner", "description": "The remote host is missing updates to perl-DBD-Pg announced in\nadvisory CESA-2009:0479.", "modified": "2018-04-06T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064015", "id": "OPENVAS:136141256231064015", "title": "CentOS Security Advisory CESA-2009:0479 (perl-DBD-Pg)", "type": "openvas", "sourceData": "#CESA-2009:0479 64015 2\n# $Id: ovcesa2009_0479.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0479 (perl-DBD-Pg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0479\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0479\nhttps://rhn.redhat.com/errata/RHSA-2009-0479.html\";\ntag_summary = \"The remote host is missing updates to perl-DBD-Pg announced in\nadvisory CESA-2009:0479.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64015\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0479 (perl-DBD-Pg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.el5_3.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880763", "title": "CentOS Update for perl-DBD-Pg CESA-2009:0479 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for perl-DBD-Pg CESA-2009:0479 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015877.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880763\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0479\");\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_name(\"CentOS Update for perl-DBD-Pg CESA-2009:0479 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'perl-DBD-Pg'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"perl-DBD-Pg on CentOS 5\");\n script_tag(name:\"insight\", value:\"Perl DBI is a database access Application Programming Interface (API) for\n the Perl language. perl-DBD-Pg allows Perl applications to access\n PostgreSQL database servers.\n\n A heap-based buffer overflow flaw was discovered in the pg_getline function\n implementation. If the pg_getline or getline functions read large,\n untrusted records from a database, it could cause an application using\n these functions to crash or, possibly, execute arbitrary code.\n (CVE-2009-0663)\n\n Note: After installing this update, pg_getline may return more data than\n specified by its second argument, as this argument will be ignored. This is\n consistent with current upstream behavior. Previously, the length limit\n (the second argument) was not enforced, allowing a buffer overflow.\n\n A memory leak flaw was found in the function performing the de-quoting of\n BYTEA type values acquired from a database. An attacker able to cause an\n application using perl-DBD-Pg to perform a large number of SQL queries\n returning BYTEA records, could cause the application to use excessive\n amounts of memory or, possibly, crash. (CVE-2009-1341)\n\n All users of perl-DBD-Pg are advised to upgrade to this updated package,\n which contains backported patches to fix these issues. Applications using\n perl-DBD-Pg must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.el5_3.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:37:32", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0479.\n\nPerl DBI is a database access Application Programming Interface (API) for\nthe Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline function\nimplementation. If the pg_getline or getline functions read large,\nuntrusted records from a database, it could cause an application using\nthese functions to crash or, possibly, execute arbitrary code.\n(CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data than\nspecified by its second argument, as this argument will be ignored. This is\nconsistent with current upstream behavior. Previously, the length limit\n(the second argument) was not enforced, allowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting of\nBYTEA type values acquired from a database. An attacker able to cause an\napplication using perl-DBD-Pg to perform a large number of SQL queries\nreturning BYTEA records, could cause the application to use excessive\namounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated package,\nwhich contains backported patches to fix these issues. Applications using\nperl-DBD-Pg must be restarted for the update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063974", "id": "OPENVAS:136141256231063974", "title": "RedHat Security Advisory RHSA-2009:0479", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0479.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0479 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0479.\n\nPerl DBI is a database access Application Programming Interface (API) for\nthe Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline function\nimplementation. If the pg_getline or getline functions read large,\nuntrusted records from a database, it could cause an application using\nthese functions to crash or, possibly, execute arbitrary code.\n(CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data than\nspecified by its second argument, as this argument will be ignored. This is\nconsistent with current upstream behavior. Previously, the length limit\n(the second argument) was not enforced, allowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting of\nBYTEA type values acquired from a database. An attacker able to cause an\napplication using perl-DBD-Pg to perform a large number of SQL queries\nreturning BYTEA records, could cause the application to use excessive\namounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated package,\nwhich contains backported patches to fix these issues. Applications using\nperl-DBD-Pg must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63974\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0479\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0479.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-DBD-Pg-debuginfo\", rpm:\"perl-DBD-Pg-debuginfo~1.49~2.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:19", "bulletinFamily": "scanner", "description": "Check for the Version of perl-DBD-Pg", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880763", "id": "OPENVAS:880763", "title": "CentOS Update for perl-DBD-Pg CESA-2009:0479 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for perl-DBD-Pg CESA-2009:0479 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Perl DBI is a database access Application Programming Interface (API) for\n the Perl language. perl-DBD-Pg allows Perl applications to access\n PostgreSQL database servers.\n\n A heap-based buffer overflow flaw was discovered in the pg_getline function\n implementation. If the pg_getline or getline functions read large,\n untrusted records from a database, it could cause an application using\n these functions to crash or, possibly, execute arbitrary code.\n (CVE-2009-0663)\n \n Note: After installing this update, pg_getline may return more data than\n specified by its second argument, as this argument will be ignored. This is\n consistent with current upstream behavior. Previously, the length limit\n (the second argument) was not enforced, allowing a buffer overflow.\n \n A memory leak flaw was found in the function performing the de-quoting of\n BYTEA type values acquired from a database. An attacker able to cause an\n application using perl-DBD-Pg to perform a large number of SQL queries\n returning BYTEA records, could cause the application to use excessive\n amounts of memory or, possibly, crash. (CVE-2009-1341)\n \n All users of perl-DBD-Pg are advised to upgrade to this updated package,\n which contains backported patches to fix these issues. Applications using\n perl-DBD-Pg must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"perl-DBD-Pg on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015877.html\");\n script_id(880763);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0479\");\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_name(\"CentOS Update for perl-DBD-Pg CESA-2009:0479 centos5 i386\");\n\n script_summary(\"Check for the Version of perl-DBD-Pg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.el5_3.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:07", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2009-0479", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122486", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122486", "title": "Oracle Linux Local Check: ELSA-2009-0479", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0479.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122486\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:27 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0479\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0479 - perl-DBD-Pg security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0479\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0479.html\");\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:40:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libdbd-pg-perl\nannounced via advisory DSA 1780-1.", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063933", "id": "OPENVAS:136141256231063933", "type": "openvas", "title": "Debian Security Advisory DSA 1780-1 (libdbd-pg-perl)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1780_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1780-1 (libdbd-pg-perl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities have been discovered in libdbd-pg-perl, the DBI\ndriver module for PostgreSQL database access (DBD::Pg).\n\nCVE-2009-0663\n\nA heap-based buffer overflow may allow attackers to execute arbitrary\ncode through applications which read rows from the database using the\npg_getline and getline functions. (More common retrieval methods,\nsuch as selectall_arrayref and fetchrow_array, are not affected.)\n\nCVE-2009-1341\n\nA memory leak in the routine which unquotes BYTEA values returned from\nthe database allows attackers to cause a denial of service.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.49-2+etch1.\n\nFor the stable distribution (lenny) and the unstable distribution (sid),\nthese problems have been fixed in version 2.1.3-1 before the release of\nlenny.\n\nWe recommend that you upgrade your libdbd-pg-perl package.\";\ntag_summary = \"The remote host is missing an update to libdbd-pg-perl\nannounced via advisory DSA 1780-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201780-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63933\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1780-1 (libdbd-pg-perl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libdbd-pg-perl\", ver:\"1.49-2+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update to perl-DBD-Pg\nannounced via advisory MDVSA-2009:344.", "modified": "2017-07-06T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66552", "id": "OPENVAS:66552", "title": "Mandriva Security Advisory MDVSA-2009:344 (perl-DBD-Pg)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_344.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:344 (perl-DBD-Pg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg:\n\nHeap-based buffer overflow in the DBD::Pg module for Perl might allow\ncontext-dependent attackers to execute arbitrary code via unspecified\ninput to an application that uses the getline and pg_getline functions\nto read database rows.\n\nMemory leak in the dequote_bytea function in quote.c in the DBD::Pg\n(aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows\ncontext-dependent attackers to cause a denial of service (memory\nconsumption) by fetching data with BYTEA columns (CVE-2009-1341).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThis update provides a fix for these vulnerabilities.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:344\";\ntag_summary = \"The remote host is missing an update to perl-DBD-Pg\nannounced via advisory MDVSA-2009:344.\";\n\n \n\nif(description)\n{\n script_id(66552);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-1341\", \"CVE-2009-0663\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:344 (perl-DBD-Pg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to perl-DBD-Pg\nannounced via advisory MDVSA-2009:344.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066552", "id": "OPENVAS:136141256231066552", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:344 (perl-DBD-Pg)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_344.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:344 (perl-DBD-Pg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg:\n\nHeap-based buffer overflow in the DBD::Pg module for Perl might allow\ncontext-dependent attackers to execute arbitrary code via unspecified\ninput to an application that uses the getline and pg_getline functions\nto read database rows.\n\nMemory leak in the dequote_bytea function in quote.c in the DBD::Pg\n(aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows\ncontext-dependent attackers to cause a denial of service (memory\nconsumption) by fetching data with BYTEA columns (CVE-2009-1341).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThis update provides a fix for these vulnerabilities.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:344\";\ntag_summary = \"The remote host is missing an update to perl-DBD-Pg\nannounced via advisory MDVSA-2009:344.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66552\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-1341\", \"CVE-2009-0663\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:344 (perl-DBD-Pg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:44", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0479.\n\nPerl DBI is a database access Application Programming Interface (API) for\nthe Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline function\nimplementation. If the pg_getline or getline functions read large,\nuntrusted records from a database, it could cause an application using\nthese functions to crash or, possibly, execute arbitrary code.\n(CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data than\nspecified by its second argument, as this argument will be ignored. This is\nconsistent with current upstream behavior. Previously, the length limit\n(the second argument) was not enforced, allowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting of\nBYTEA type values acquired from a database. An attacker able to cause an\napplication using perl-DBD-Pg to perform a large number of SQL queries\nreturning BYTEA records, could cause the application to use excessive\namounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated package,\nwhich contains backported patches to fix these issues. Applications using\nperl-DBD-Pg must be restarted for the update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63974", "id": "OPENVAS:63974", "title": "RedHat Security Advisory RHSA-2009:0479", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0479.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0479 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0479.\n\nPerl DBI is a database access Application Programming Interface (API) for\nthe Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline function\nimplementation. If the pg_getline or getline functions read large,\nuntrusted records from a database, it could cause an application using\nthese functions to crash or, possibly, execute arbitrary code.\n(CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data than\nspecified by its second argument, as this argument will be ignored. This is\nconsistent with current upstream behavior. Previously, the length limit\n(the second argument) was not enforced, allowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting of\nBYTEA type values acquired from a database. An attacker able to cause an\napplication using perl-DBD-Pg to perform a large number of SQL queries\nreturning BYTEA records, could cause the application to use excessive\namounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated package,\nwhich contains backported patches to fix these issues. Applications using\nperl-DBD-Pg must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63974);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0479\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0479.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"perl-DBD-Pg-debuginfo\", rpm:\"perl-DBD-Pg-debuginfo~1.49~2.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:56", "bulletinFamily": "scanner", "description": "The remote host is missing updates to perl-DBD-Pg announced in\nadvisory CESA-2009:0479.", "modified": "2017-07-10T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64015", "id": "OPENVAS:64015", "title": "CentOS Security Advisory CESA-2009:0479 (perl-DBD-Pg)", "type": "openvas", "sourceData": "#CESA-2009:0479 64015 2\n# $Id: ovcesa2009_0479.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0479 (perl-DBD-Pg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0479\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0479\nhttps://rhn.redhat.com/errata/RHSA-2009-0479.html\";\ntag_summary = \"The remote host is missing updates to perl-DBD-Pg announced in\nadvisory CESA-2009:0479.\";\n\n\n\nif(description)\n{\n script_id(64015);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0479 (perl-DBD-Pg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"perl-DBD-Pg\", rpm:\"perl-DBD-Pg~1.49~2.el5_3.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:24:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:0479\n\n\nPerl DBI is a database access Application Programming Interface (API) for\nthe Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline function\nimplementation. If the pg_getline or getline functions read large,\nuntrusted records from a database, it could cause an application using\nthese functions to crash or, possibly, execute arbitrary code.\n(CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data than\nspecified by its second argument, as this argument will be ignored. This is\nconsistent with current upstream behavior. Previously, the length limit\n(the second argument) was not enforced, allowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting of\nBYTEA type values acquired from a database. An attacker able to cause an\napplication using perl-DBD-Pg to perform a large number of SQL queries\nreturning BYTEA records, could cause the application to use excessive\namounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated package,\nwhich contains backported patches to fix these issues. Applications using\nperl-DBD-Pg must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027915.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027916.html\n\n**Affected packages:**\nperl-DBD-Pg\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0479.html", "modified": "2009-05-19T15:03:41", "published": "2009-05-19T15:03:40", "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/027915.html", "id": "CESA-2009:0479", "title": "perl security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-01-01T00:18:03", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg :\n\nHeap-based buffer overflow in the DBD::Pg module for Perl might allow\ncontext-dependent attackers to execute arbitrary code via unspecified\ninput to an application that uses the getline and pg_getline functions\nto read database rows.\n\nMemory leak in the dequote_bytea function in quote.c in the DBD::Pg\n(aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows\ncontext-dependent attackers to cause a denial of service (memory\nconsumption) by fetching data with BYTEA columns (CVE-2009-1341).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThis update provides a fix for these vulnerabilities.", "modified": "2020-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-344.NASL", "href": "https://www.tenable.com/plugins/nessus/43609", "published": "2009-12-29T00:00:00", "title": "Mandriva Linux Security Advisory : perl-DBD-Pg (MDVSA-2009:344)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:344. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43609);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:52\");\n\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_bugtraq_id(34755, 34757);\n script_xref(name:\"MDVSA\", value:\"2009:344\");\n\n script_name(english:\"Mandriva Linux Security Advisory : perl-DBD-Pg (MDVSA-2009:344)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg :\n\nHeap-based buffer overflow in the DBD::Pg module for Perl might allow\ncontext-dependent attackers to execute arbitrary code via unspecified\ninput to an application that uses the getline and pg_getline functions\nto read database rows.\n\nMemory leak in the dequote_bytea function in quote.c in the DBD::Pg\n(aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows\ncontext-dependent attackers to cause a denial of service (memory\nconsumption) by fetching data with BYTEA columns (CVE-2009-1341).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThis update provides a fix for these vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-DBD-Pg package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-DBD-Pg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"perl-DBD-Pg-1.49-2.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T02:11:06", "bulletinFamily": "scanner", "description": "This update of perl-DBD-Pg fixes a heap-based buffer overflow in\nfunction pg_db_getline() (CVE-2009-0663) and a denial of service bug\nthat could be triggered remotely (CVE-2009-1341).", "modified": "2020-01-02T00:00:00", "id": "SUSE_PERL-DBD-PG-6227.NASL", "href": "https://www.tenable.com/plugins/nessus/39434", "published": "2009-06-17T00:00:00", "title": "openSUSE 10 Security Update : perl-DBD-Pg (perl-DBD-Pg-6227)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update perl-DBD-Pg-6227.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39434);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n\n script_name(english:\"openSUSE 10 Security Update : perl-DBD-Pg (perl-DBD-Pg-6227)\");\n script_summary(english:\"Check for the perl-DBD-Pg-6227 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of perl-DBD-Pg fixes a heap-based buffer overflow in\nfunction pg_db_getline() (CVE-2009-0663) and a denial of service bug\nthat could be triggered remotely (CVE-2009-1341).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-DBD-Pg package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-DBD-Pg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"perl-DBD-Pg-1.49-76.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-DBD-Pg\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T01:13:22", "bulletinFamily": "scanner", "description": "An updated perl-DBD-Pg package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPerl DBI is a database access Application Programming Interface (API)\nfor the Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline\nfunction implementation. If the pg_getline or getline functions read\nlarge, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute\narbitrary code. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data\nthan specified by its second argument, as this argument will be\nignored. This is consistent with current upstream behavior.\nPreviously, the length limit (the second argument) was not enforced,\nallowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting\nof BYTEA type values acquired from a database. An attacker able to\ncause an application using perl-DBD-Pg to perform a large number of\nSQL queries returning BYTEA records, could cause the application to\nuse excessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated\npackage, which contains backported patches to fix these issues.\nApplications using perl-DBD-Pg must be restarted for the update to\ntake effect.", "modified": "2020-01-02T00:00:00", "id": "REDHAT-RHSA-2009-0479.NASL", "href": "https://www.tenable.com/plugins/nessus/38768", "published": "2009-05-14T00:00:00", "title": "RHEL 5 : perl-DBD-Pg (RHSA-2009:0479)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0479. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38768);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2019/10/25 13:36:14\");\n\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_bugtraq_id(34755, 34757);\n script_xref(name:\"RHSA\", value:\"2009:0479\");\n\n script_name(english:\"RHEL 5 : perl-DBD-Pg (RHSA-2009:0479)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated perl-DBD-Pg package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPerl DBI is a database access Application Programming Interface (API)\nfor the Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline\nfunction implementation. If the pg_getline or getline functions read\nlarge, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute\narbitrary code. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data\nthan specified by its second argument, as this argument will be\nignored. This is consistent with current upstream behavior.\nPreviously, the length limit (the second argument) was not enforced,\nallowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting\nof BYTEA type values acquired from a database. An attacker able to\ncause an application using perl-DBD-Pg to perform a large number of\nSQL queries returning BYTEA records, could cause the application to\nuse excessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated\npackage, which contains backported patches to fix these issues.\nApplications using perl-DBD-Pg must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0479\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-DBD-Pg package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-DBD-Pg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0479\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"perl-DBD-Pg-1.49-2.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"perl-DBD-Pg-1.49-2.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"perl-DBD-Pg-1.49-2.el5_3.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-DBD-Pg\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T06:41:54", "bulletinFamily": "scanner", "description": "An updated perl-DBD-Pg package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPerl DBI is a database access Application Programming Interface (API)\nfor the Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline\nfunction implementation. If the pg_getline or getline functions read\nlarge, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute\narbitrary code. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data\nthan specified by its second argument, as this argument will be\nignored. This is consistent with current upstream behavior.\nPreviously, the length limit (the second argument) was not enforced,\nallowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting\nof BYTEA type values acquired from a database. An attacker able to\ncause an application using perl-DBD-Pg to perform a large number of\nSQL queries returning BYTEA records, could cause the application to\nuse excessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated\npackage, which contains backported patches to fix these issues.\nApplications using perl-DBD-Pg must be restarted for the update to\ntake effect.", "modified": "2020-01-02T00:00:00", "id": "CENTOS_RHSA-2009-0479.NASL", "href": "https://www.tenable.com/plugins/nessus/43747", "published": "2010-01-06T00:00:00", "title": "CentOS 5 : perl-DBD-Pg (CESA-2009:0479)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0479 and \n# CentOS Errata and Security Advisory 2009:0479 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43747);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:04\");\n\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_bugtraq_id(34755, 34757);\n script_xref(name:\"RHSA\", value:\"2009:0479\");\n\n script_name(english:\"CentOS 5 : perl-DBD-Pg (CESA-2009:0479)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated perl-DBD-Pg package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPerl DBI is a database access Application Programming Interface (API)\nfor the Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline\nfunction implementation. If the pg_getline or getline functions read\nlarge, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute\narbitrary code. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data\nthan specified by its second argument, as this argument will be\nignored. This is consistent with current upstream behavior.\nPreviously, the length limit (the second argument) was not enforced,\nallowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting\nof BYTEA type values acquired from a database. An attacker able to\ncause an application using perl-DBD-Pg to perform a large number of\nSQL queries returning BYTEA records, could cause the application to\nuse excessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated\npackage, which contains backported patches to fix these issues.\nApplications using perl-DBD-Pg must be restarted for the update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015877.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f22144df\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015878.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a054125d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-dbd-pg package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-DBD-Pg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"perl-DBD-Pg-1.49-2.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-DBD-Pg\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T06:51:47", "bulletinFamily": "scanner", "description": "Two vulnerabilities have been discovered in libdbd-pg-perl, the DBI\ndriver module for PostgreSQL database access (DBD::Pg).\n\n - CVE-2009-0663\n A heap-based buffer overflow may allow attackers to\n execute arbitrary code through applications which read\n rows from the database using the pg_getline and getline\n functions. (More common retrieval methods, such as\n selectall_arrayref and fetchrow_array, are not\n affected.)\n\n - CVE-2009-1341\n A memory leak in the routine which unquotes BYTEA values\n returned from the database allows attackers to cause a\n denial of service.", "modified": "2020-01-02T00:00:00", "id": "DEBIAN_DSA-1780.NASL", "href": "https://www.tenable.com/plugins/nessus/38202", "published": "2009-04-29T00:00:00", "title": "Debian DSA-1780-1 : libdbd-pg-perl - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1780. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38202);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:22\");\n\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_xref(name:\"DSA\", value:\"1780\");\n\n script_name(english:\"Debian DSA-1780-1 : libdbd-pg-perl - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities have been discovered in libdbd-pg-perl, the DBI\ndriver module for PostgreSQL database access (DBD::Pg).\n\n - CVE-2009-0663\n A heap-based buffer overflow may allow attackers to\n execute arbitrary code through applications which read\n rows from the database using the pg_getline and getline\n functions. (More common retrieval methods, such as\n selectall_arrayref and fetchrow_array, are not\n affected.)\n\n - CVE-2009-1341\n A memory leak in the routine which unquotes BYTEA values\n returned from the database allows attackers to cause a\n denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1341\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1780\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libdbd-pg-perl package.\n\nFor the old stable distribution (etch), these problems have been fixed\nin version 1.49-2+etch1.\n\nFor the stable distribution (lenny) and the unstable distribution\n(sid), these problems have been fixed in version 2.1.3-1 before the\nrelease of lenny.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdbd-pg-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libdbd-pg-perl\", reference:\"1.49-2+etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libdbd-pg-perl\", reference:\"2.1.3-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T01:37:10", "bulletinFamily": "scanner", "description": "A heap-based buffer overflow flaw was discovered in the pg_getline\nfunction implementation. If the pg_getline or getline functions read\nlarge, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute\narbitrary code. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data\nthan specified by its second argument, as this argument will be\nignored. This is consistent with current upstream behavior.\nPreviously, the length limit (the second argument) was not enforced,\nallowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting\nof BYTEA type values acquired from a database. An attacker able to\ncause an application using perl-DBD-Pg to perform a large number of\nSQL queries returning BYTEA records, could cause the application to\nuse excessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nApplications using perl-DBD-Pg must be restarted for the update to\ntake effect.", "modified": "2020-01-02T00:00:00", "id": "SL_20090513_PERL_DBD_PG_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60583", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : perl-DBD-Pg on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60583);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:18\");\n\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n\n script_name(english:\"Scientific Linux Security Update : perl-DBD-Pg on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A heap-based buffer overflow flaw was discovered in the pg_getline\nfunction implementation. If the pg_getline or getline functions read\nlarge, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute\narbitrary code. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data\nthan specified by its second argument, as this argument will be\nignored. This is consistent with current upstream behavior.\nPreviously, the length limit (the second argument) was not enforced,\nallowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting\nof BYTEA type values acquired from a database. An attacker able to\ncause an application using perl-DBD-Pg to perform a large number of\nSQL queries returning BYTEA records, could cause the application to\nuse excessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nApplications using perl-DBD-Pg must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0905&L=scientific-linux-errata&T=0&P=1157\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?962a7132\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-DBD-Pg package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"perl-DBD-Pg-1.49-2.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-01T01:01:00", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2009:0479 :\n\nAn updated perl-DBD-Pg package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPerl DBI is a database access Application Programming Interface (API)\nfor the Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline\nfunction implementation. If the pg_getline or getline functions read\nlarge, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute\narbitrary code. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data\nthan specified by its second argument, as this argument will be\nignored. This is consistent with current upstream behavior.\nPreviously, the length limit (the second argument) was not enforced,\nallowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting\nof BYTEA type values acquired from a database. An attacker able to\ncause an application using perl-DBD-Pg to perform a large number of\nSQL queries returning BYTEA records, could cause the application to\nuse excessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated\npackage, which contains backported patches to fix these issues.\nApplications using perl-DBD-Pg must be restarted for the update to\ntake effect.", "modified": "2020-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2009-0479.NASL", "href": "https://www.tenable.com/plugins/nessus/67857", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : perl-DBD-Pg (ELSA-2009-0479)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:0479 and \n# Oracle Linux Security Advisory ELSA-2009-0479 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67857);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:08\");\n\n script_cve_id(\"CVE-2009-0663\", \"CVE-2009-1341\");\n script_bugtraq_id(34755, 34757);\n script_xref(name:\"RHSA\", value:\"2009:0479\");\n\n script_name(english:\"Oracle Linux 5 : perl-DBD-Pg (ELSA-2009-0479)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:0479 :\n\nAn updated perl-DBD-Pg package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPerl DBI is a database access Application Programming Interface (API)\nfor the Perl language. perl-DBD-Pg allows Perl applications to access\nPostgreSQL database servers.\n\nA heap-based buffer overflow flaw was discovered in the pg_getline\nfunction implementation. If the pg_getline or getline functions read\nlarge, untrusted records from a database, it could cause an\napplication using these functions to crash or, possibly, execute\narbitrary code. (CVE-2009-0663)\n\nNote: After installing this update, pg_getline may return more data\nthan specified by its second argument, as this argument will be\nignored. This is consistent with current upstream behavior.\nPreviously, the length limit (the second argument) was not enforced,\nallowing a buffer overflow.\n\nA memory leak flaw was found in the function performing the de-quoting\nof BYTEA type values acquired from a database. An attacker able to\ncause an application using perl-DBD-Pg to perform a large number of\nSQL queries returning BYTEA records, could cause the application to\nuse excessive amounts of memory or, possibly, crash. (CVE-2009-1341)\n\nAll users of perl-DBD-Pg are advised to upgrade to this updated\npackage, which contains backported patches to fix these issues.\nApplications using perl-DBD-Pg must be restarted for the update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-May/001005.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-dbd-pg package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-DBD-Pg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"perl-DBD-Pg-1.49-2.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-DBD-Pg\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "description": "pg_getline buffer overflow, DoS.", "modified": "2009-12-29T00:00:00", "published": "2009-12-29T00:00:00", "id": "SECURITYVULNS:VULN:10494", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10494", "title": "Perl DBD::Pg module buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:344\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : perl-DBD-Pg\r\n Date : December 28, 2009\r\n Affected: 2008.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg:\r\n \r\n Heap-based buffer overflow in the DBD::Pg module for Perl might allow\r\n context-dependent attackers to execute arbitrary code via unspecified\r\n input to an application that uses the getline and pg_getline functions\r\n to read database rows.\r\n \r\n Memory leak in the dequote_bytea function in quote.c in the DBD::Pg\r\n (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows\r\n context-dependent attackers to cause a denial of service (memory\r\n consumption) by fetching data with BYTEA columns (CVE-2009-1341).\r\n \r\n Packages for 2008.0 are provided for Corporate Desktop 2008.0\r\n customers.\r\n \r\n This update provides a fix for these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0663\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1341\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n be2421eff6d4387621d1a9c2fb0cf553 2008.0/i586/perl-DBD-Pg-1.49-2.1mdv2008.0.i586.rpm \r\n 02653121d648cd28a3f6d0da998ee210 2008.0/SRPMS/perl-DBD-Pg-1.49-2.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 5f1b67d426cedecd1a16aff009282a9a 2008.0/x86_64/perl-DBD-Pg-1.49-2.1mdv2008.0.x86_64.rpm \r\n 02653121d648cd28a3f6d0da998ee210 2008.0/SRPMS/perl-DBD-Pg-1.49-2.1mdv2008.0.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFLOMUzmqjQ0CJFipgRAk7GAKCnBIUblxVDM6cYyhnTmNePQrfC8QCgqyNy\r\nZUOi0+H3xSlS/QpHljbyZaQ=\r\n=7+yD\r\n-----END PGP SIGNATURE-----", "modified": "2009-12-29T00:00:00", "published": "2009-12-29T00:00:00", "id": "SECURITYVULNS:DOC:23000", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23000", "title": "[ MDVSA-2009:344 ] perl-DBD-Pg", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:51:57", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 34757\r\nCVE ID\uff1aCVE-2009-1341\r\n\r\nDBD::Pg\u662f\u4e00\u6b3e\u7528\u4e8ePostgreSQL\u6570\u636e\u5e93\u8bbf\u95ee\u7684DBI\u9a71\u52a8\u6a21\u5757\u3002\r\nDBD::Pg\u4ece\u6570\u636e\u4e2d\u8fd4\u56de\u7684\u672a\u52a0\u5f15\u53f7BYTEA\u503c\u53ef\u5bfc\u81f4\u51fd\u6570\u5185\u5b58\u6cc4\u6f0f\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\r\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\n\nDebian Linux 4.0 sparc\r\nDebian Linux 4.0 s/390\r\nDebian Linux 4.0 powerpc\r\nDebian Linux 4.0 mipsel\r\nDebian Linux 4.0 mips\r\nDebian Linux 4.0 m68k\r\nDebian Linux 4.0 ia-64\r\nDebian Linux 4.0 ia-32\r\nDebian Linux 4.0 hppa\r\nDebian Linux 4.0 armel\r\nDebian Linux 4.0 arm\r\nDebian Linux 4.0 amd64\r\nDebian Linux 4.0 alpha\r\nDebian Linux 4.0\r\n \n Debian\u7cfb\u7edf\u53ef\u53c2\u8003\u5982\u4e0b\u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\nSource archives:\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n.orig.tar.gz\r\n Size/MD5 checksum: 147310 76b9d6a2f4cbaefcba23380f83998215\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1.diff.gz\r\n Size/MD5 checksum: 7869 56a99e2007bf916001c3f25e666b5eb1\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1.dsc\r\n Size/MD5 checksum: 1137 27572a9adacd09243cbc9a6cbd8b32cf\r\namd64 architecture (AMD x86_64 (AMD64))\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_amd64.deb\r\n Size/MD5 checksum: 131228 f4c6b39a15df7b264e4fec6c84348a00\r\narm architecture (ARM)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_arm.deb\r\n Size/MD5 checksum: 125596 071c0261e3c53c0c58d7c49deda91c4d\r\nhppa architecture (HP PA RISC)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_hppa.deb\r\n Size/MD5 checksum: 136324 c523cf9f116595cf92087694018eeaeb\r\ni386 architecture (Intel ia32)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_i386.deb\r\n Size/MD5 checksum: 128756 99639a5e94713216d7ab656569c3a1d9\r\nia64 architecture (Intel ia64)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_ia64.deb\r\n Size/MD5 checksum: 155694 5cc52a6a7a2f20659a7c1a0a2202b4c9\r\nmips architecture (MIPS (Big Endian))\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_mips.deb\r\n Size/MD5 checksum: 116780 da0d63d78a9b71edf49a49d9ca931887\r\nmipsel architecture (MIPS (Little Endian))\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_mipsel.deb\r\n Size/MD5 checksum: 116568 e23a1521db5192b9029d67c8f05bfd8f\r\npowerpc architecture (PowerPC)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_powerpc.deb\r\n Size/MD5 checksum: 131058 2dfd7e0569b0b712dcdc195788a86c9b\r\ns390 architecture (IBM S/390)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_s390.deb\r\n Size/MD5 checksum: 123850 a42d01e742d27217d859c883c2a38ef1\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_sparc.deb\r\n Size/MD5 checksum: 129566 f4194cffcb723109eea117e1397d1e43", "modified": "2009-04-30T00:00:00", "published": "2009-04-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-5137", "id": "SSV:5137", "title": "DBD::Pg BYTEA\u503c\u5185\u5b58\u6cc4\u6f0f\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:52:11", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 34755\r\nCVE ID\uff1aCVE-2009-0663\r\n\r\nDBD::Pg\u662f\u4e00\u6b3e\u7528\u4e8ePostgreSQL\u6570\u636e\u5e93\u8bbf\u95ee\u7684DBI\u9a71\u52a8\u6a21\u5757\u3002\r\nDBD::Pg\u5b58\u5728\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\u4f7f\u7528pg_getline\u548cgetline\u51fd\u6570\u53ef\u4ece\u6570\u636e\u5e93\u4e2d\u8bfb\u53d6\u884c\u4fe1\u606f\u7684\u5e94\u7528\u7a0b\u5e8f\u53ef\u901a\u8fc7\u89e6\u53d1\u5806\u6ea2\u51fa\u800c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n \n\nDebian Linux 4.0 sparc\r\nDebian Linux 4.0 s/390\r\nDebian Linux 4.0 powerpc\r\nDebian Linux 4.0 mipsel\r\nDebian Linux 4.0 mips\r\nDebian Linux 4.0 m68k\r\nDebian Linux 4.0 ia-64\r\nDebian Linux 4.0 ia-32\r\nDebian Linux 4.0 hppa\r\nDebian Linux 4.0 armel\r\nDebian Linux 4.0 arm\r\nDebian Linux 4.0 amd64\r\nDebian Linux 4.0 alpha\r\nDebian Linux 4.0\n Debian\u7cfb\u7edf\u53ef\u53c2\u8003\u5982\u4e0b\u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\nSource archives:\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n.orig.tar.gz\r\n Size/MD5 checksum: 147310 76b9d6a2f4cbaefcba23380f83998215\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1.diff.gz\r\n Size/MD5 checksum: 7869 56a99e2007bf916001c3f25e666b5eb1\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1.dsc\r\n Size/MD5 checksum: 1137 27572a9adacd09243cbc9a6cbd8b32cf\r\namd64 architecture (AMD x86_64 (AMD64))\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_amd64.deb\r\n Size/MD5 checksum: 131228 f4c6b39a15df7b264e4fec6c84348a00\r\narm architecture (ARM)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_arm.deb\r\n Size/MD5 checksum: 125596 071c0261e3c53c0c58d7c49deda91c4d\r\nhppa architecture (HP PA RISC)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_hppa.deb\r\n Size/MD5 checksum: 136324 c523cf9f116595cf92087694018eeaeb\r\ni386 architecture (Intel ia32)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_i386.deb\r\n Size/MD5 checksum: 128756 99639a5e94713216d7ab656569c3a1d9\r\nia64 architecture (Intel ia64)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_ia64.deb\r\n Size/MD5 checksum: 155694 5cc52a6a7a2f20659a7c1a0a2202b4c9\r\nmips architecture (MIPS (Big Endian))\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_mips.deb\r\n Size/MD5 checksum: 116780 da0d63d78a9b71edf49a49d9ca931887\r\nmipsel architecture (MIPS (Little Endian))\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_mipsel.deb\r\n Size/MD5 checksum: 116568 e23a1521db5192b9029d67c8f05bfd8f\r\npowerpc architecture (PowerPC)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_powerpc.deb\r\n Size/MD5 checksum: 131058 2dfd7e0569b0b712dcdc195788a86c9b\r\ns390 architecture (IBM S/390)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_s390.deb\r\n Size/MD5 checksum: 123850 a42d01e742d27217d859c883c2a38ef1\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a>\r\n-2+etch1_sparc.deb\r\n Size/MD5 checksum: 129566 f4194cffcb723109eea117e1397d1e43", "modified": "2009-04-30T00:00:00", "published": "2009-04-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-5136", "id": "SSV:5136", "title": "DBD::Pg 'pg_getline()'\u548c'getline()'\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}]}
