ID SECURITYVULNS:VULN:10208
Type securityvulns
Reporter JEREMYBROWN
Modified 2009-09-08T00:00:00
Description
Buffer overflow in /opt/gemstone/sys/stoned on -e and -l command line switches.
{"id": "SECURITYVULNS:VULN:10208", "bulletinFamily": "software", "title": "GemStone/S buffer overflow", "description": "Buffer overflow in /opt/gemstone/sys/stoned on -e and -l command line switches.", "published": "2009-09-08T00:00:00", "modified": "2009-09-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10208", "reporter": "JEREMYBROWN", "references": ["https://vulners.com/securityvulns/securityvulns:doc:22420"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:34", "edition": 1, "viewCount": 8, "enchantments": {"score": {"value": 5.1, "vector": "NONE", "modified": "2018-08-31T11:09:34", "rev": 2}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562311220201400", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201473", "OPENVAS:1361412562311220201477", "OPENVAS:1361412562311220201476", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201462", "OPENVAS:1361412562311220201457"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1477.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1494.NASL", "EULEROS_SA-2020-1489.NASL", "EULEROS_SA-2020-1496.NASL", "EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1483.NASL", "EULEROS_SA-2020-1491.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22420"]}], "modified": "2018-08-31T11:09:34", "rev": 2}, "vulnersScore": 5.1}, "affectedSoftware": []}
{"nessus": [{"lastseen": "2021-01-22T13:35:39", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0166 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-21T00:00:00", "title": "RHEL 8 : postgresql:10 (RHSA-2021:0166)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720", "CVE-2020-14349", "CVE-2019-10164"], "modified": "2021-01-21T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "cpe:/a:redhat:rhel_eus:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_e4s:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib"], "id": "REDHAT-RHSA-2021-0166.NASL", "href": "https://www.tenable.com/plugins/nessus/145243", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0166. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145243);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/21\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10164\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14349\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452, 108875);\n script_xref(name:\"RHSA\", value:\"2021:0166\");\n\n script_name(english:\"RHEL 8 : postgresql:10 (RHSA-2021:0166)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0166 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1719698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10164\");\n script_cwe_id(20, 89, 121, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0166');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:10': [\n {'reference':'postgresql-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / postgresql-plperl / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-22T13:35:39", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0167 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-20T00:00:00", "title": "RHEL 8 : postgresql:9.6 (RHSA-2021:0167)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2021-01-20T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "cpe:/a:redhat:rhel_eus:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_e4s:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib"], "id": "REDHAT-RHSA-2021-0167.NASL", "href": "https://www.tenable.com/plugins/nessus/145227", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0167. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145227);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/21\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"RHSA\", value:\"2021:0167\");\n\n script_name(english:\"RHEL 8 : postgresql:9.6 (RHSA-2021:0167)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0167 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0167');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\nif ('9.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:9.6': [\n {'reference':'postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / postgresql-plperl / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:07:50", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0164 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-18T00:00:00", "title": "RHEL 8 : postgresql:9.6 (RHSA-2021:0164)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2021-01-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "cpe:/o:redhat:rhel_e4s:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_tus:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "cpe:/o:redhat:rhel_aus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "cpe:/a:redhat:rhel_aus:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "cpe:/o:redhat:rhel_eus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "cpe:/a:redhat:rhel_eus:8.2::appstream"], "id": "REDHAT-RHSA-2021-0164.NASL", "href": "https://www.tenable.com/plugins/nessus/145043", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0164. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145043);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"RHSA\", value:\"2021:0164\");\n\n script_name(english:\"RHEL 8 : postgresql:9.6 (RHSA-2021:0164)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0164 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_aus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_tus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0164');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\nif ('9.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:9.6': [\n {'reference':'postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debugsource / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-31T13:19:53", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-56191 advisory.\n\n - A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,\n 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for\n tables. Certain statistics, such as histograms and lists of most common values, contain values taken from\n the column. PostgreSQL does not evaluate row security policies before consulting those statistics during\n query planning; an attacker can exploit this to read the most common values of certain columns. Affected\n columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-\n level security prunes the set of rows visible to the attacker. (CVE-2019-10130)\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\n - A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform\n authorization checks. An authenticated attacker could use this flaw in certain configurations to perform\n drop objects such as function, triggers, et al., leading to database corruption. This issue affects\n PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. (CVE-2020-1720)\n\n - It was found that some PostgreSQL extensions did not use search_path safely in their installation script.\n An attacker with sufficient privileges could use this flaw to trick an administrator into executing a\n specially crafted script, during the installation or update of such extension. This affects PostgreSQL\n versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)\n\n - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before\n 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses\n the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-\n the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat\n from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-25694)\n\n - A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5,\n before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset\n when querying a compromised server, the attacker can execute arbitrary code as the operating system\n account running psql. The highest threat from this vulnerability is to data confidentiality and integrity\n as well as system availability. (CVE-2020-25696)\n\n - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before\n 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one\n schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-23T00:00:00", "title": "Oracle Linux 8 : ELSA-2020-5619-1: / postgresql:9.6 (ELSA-2020-56191)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2020-12-23T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:postgresql-server-devel", "p-cpe:/a:oracle:linux:postgresql-plperl", "p-cpe:/a:oracle:linux:postgresql-contrib", "p-cpe:/a:oracle:linux:postgresql-plpython3", "p-cpe:/a:oracle:linux:postgresql-test-rpm-macros", "p-cpe:/a:oracle:linux:postgresql-pltcl", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-static", "p-cpe:/a:oracle:linux:postgresql-test", "p-cpe:/a:oracle:linux:postgresql-server"], "id": "ORACLELINUX_ELSA-2020-56191.NASL", "href": "https://www.tenable.com/plugins/nessus/144565", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-56191.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144565);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/30\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"IAVB\", value:\"2020-B-0069\");\n\n script_name(english:\"Oracle Linux 8 : ELSA-2020-5619-1: / postgresql:9.6 (ELSA-2020-56191)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-56191 advisory.\n\n - A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,\n 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for\n tables. Certain statistics, such as histograms and lists of most common values, contain values taken from\n the column. PostgreSQL does not evaluate row security policies before consulting those statistics during\n query planning; an attacker can exploit this to read the most common values of certain columns. Affected\n columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-\n level security prunes the set of rows visible to the attacker. (CVE-2019-10130)\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\n - A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform\n authorization checks. An authenticated attacker could use this flaw in certain configurations to perform\n drop objects such as function, triggers, et al., leading to database corruption. This issue affects\n PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. (CVE-2020-1720)\n\n - It was found that some PostgreSQL extensions did not use search_path safely in their installation script.\n An attacker with sufficient privileges could use this flaw to trick an administrator into executing a\n specially crafted script, during the installation or update of such extension. This affects PostgreSQL\n versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)\n\n - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before\n 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses\n the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-\n the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat\n from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-25694)\n\n - A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5,\n before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset\n when querying a compromised server, the attacker can execute arbitrary code as the operating system\n account running psql. The highest threat from this vulnerability is to data confidentiality and integrity\n as well as system availability. (CVE-2020-25696)\n\n - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before\n 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one\n schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5619-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'postgresql-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-server-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-static-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-test-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-31T14:07:22", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5664 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-22T00:00:00", "title": "RHEL 8 : postgresql:10 (RHSA-2020:5664)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720", "CVE-2020-14349", "CVE-2019-10164"], "modified": "2020-12-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_e4s:8.0::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "cpe:/o:redhat:rhel_e4s:8.0"], "id": "REDHAT-RHSA-2020-5664.NASL", "href": "https://www.tenable.com/plugins/nessus/144559", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5664. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144559);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/30\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10164\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14349\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452, 108875);\n script_xref(name:\"RHSA\", value:\"2020:5664\");\n script_xref(name:\"IAVB\", value:\"2020-B-0069\");\n\n script_name(english:\"RHEL 8 : postgresql:10 (RHSA-2020:5664)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5664 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1719698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10164\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 121, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.0::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_0_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_0'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5664');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:10': [\n {'reference':'postgresql-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debugsource / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-31T14:07:21", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5661 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-22T00:00:00", "title": "RHEL 8 : postgresql:9.6 (RHSA-2020:5661)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2020-12-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_e4s:8.0::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "cpe:/o:redhat:rhel_e4s:8.0"], "id": "REDHAT-RHSA-2020-5661.NASL", "href": "https://www.tenable.com/plugins/nessus/144560", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5661. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144560);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/30\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"RHSA\", value:\"2020:5661\");\n script_xref(name:\"IAVB\", value:\"2020-B-0069\");\n\n script_name(english:\"RHEL 8 : postgresql:9.6 (RHSA-2020:5661)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5661 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.0::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_0_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_0'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5661');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\nif ('9.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:9.6': [\n {'reference':'postgresql-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debugsource / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-22T05:50:43", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5619 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-18T00:00:00", "title": "RHEL 8 : postgresql:9.6 (RHSA-2020:5619)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2020-12-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql", "cpe:/a:redhat:enterprise_linux:8::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib"], "id": "REDHAT-RHSA-2020-5619.NASL", "href": "https://www.tenable.com/plugins/nessus/144395", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5619. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144395);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"RHSA\", value:\"2020:5619\");\n\n script_name(english:\"RHEL 8 : postgresql:9.6 (RHSA-2020:5619)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5619 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5619');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\nif ('9.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:9.6': [\n {'reference':'postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debugsource / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-28T21:10:15", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2020-1441 advisory.\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-28T00:00:00", "title": "Amazon Linux AMI : postgresql94 (ALAS-2020-1441)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10208"], "modified": "2020-10-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:postgresql94-libs", "p-cpe:/a:amazon:linux:postgresql94-plpython26", "p-cpe:/a:amazon:linux:postgresql94-test", "p-cpe:/a:amazon:linux:postgresql94", "p-cpe:/a:amazon:linux:postgresql94-debuginfo", "p-cpe:/a:amazon:linux:postgresql94-docs", "p-cpe:/a:amazon:linux:postgresql94-devel", "p-cpe:/a:amazon:linux:postgresql94-plpython27", "p-cpe:/a:amazon:linux:postgresql94-contrib", "p-cpe:/a:amazon:linux:postgresql94-plperl", "p-cpe:/a:amazon:linux:postgresql94-server", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1441.NASL", "href": "https://www.tenable.com/plugins/nessus/141992", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1441.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141992);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/28\");\n\n script_cve_id(\"CVE-2019-10208\");\n script_xref(name:\"ALAS\", value:\"2020-1441\");\n\n script_name(english:\"Amazon Linux AMI : postgresql94 (ALAS-2020-1441)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2020-1441 advisory.\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1441.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update postgresql94' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-plpython26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-plpython27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql94-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'postgresql94-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-contrib-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-contrib-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-debuginfo-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-debuginfo-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-devel-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-devel-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-docs-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-docs-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-libs-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-libs-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-plperl-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-plperl-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-plpython26-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-plpython26-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-plpython27-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-plpython27-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-server-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-server-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql94-test-9.4.26-1.77.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql94-test-9.4.26-1.77.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql94 / postgresql94-contrib / postgresql94-debuginfo / etc\");\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-10-28T21:10:15", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1443 advisory.\n\n - A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,\n 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for\n tables. Certain statistics, such as histograms and lists of most common values, contain values taken from\n the column. PostgreSQL does not evaluate row security policies before consulting those statistics during\n query planning; an attacker can exploit this to read the most common values of certain columns. Affected\n columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-\n level security prunes the set of rows visible to the attacker. (CVE-2019-10130)\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\n - It was found that some PostgreSQL extensions did not use search_path safely in their installation script.\n An attacker with sufficient privileges could use this flaw to trick an administrator into executing a\n specially crafted script, during the installation or update of such extension. This affects PostgreSQL\n versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)\n\n - A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform\n authorization checks. An authenticated attacker could use this flaw in certain configurations to perform\n drop objects such as function, triggers, et al., leading to database corruption. This issue affects\n PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. (CVE-2020-1720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-28T00:00:00", "title": "Amazon Linux AMI : postgresql96 (ALAS-2020-1443)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10208", "CVE-2019-10130", "CVE-2020-14350", "CVE-2020-1720"], "modified": "2020-10-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:postgresql96-docs", "p-cpe:/a:amazon:linux:postgresql96-test", "p-cpe:/a:amazon:linux:postgresql96-contrib", "p-cpe:/a:amazon:linux:postgresql96-server", "p-cpe:/a:amazon:linux:postgresql96-devel", "p-cpe:/a:amazon:linux:postgresql96-plpython26", "p-cpe:/a:amazon:linux:postgresql96-libs", "p-cpe:/a:amazon:linux:postgresql96-static", "p-cpe:/a:amazon:linux:postgresql96-plperl", "p-cpe:/a:amazon:linux:postgresql96", "p-cpe:/a:amazon:linux:postgresql96-debuginfo", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:postgresql96-plpython27"], "id": "ALA_ALAS-2020-1443.NASL", "href": "https://www.tenable.com/plugins/nessus/141979", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1443.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141979);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/28\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"ALAS\", value:\"2020-1443\");\n\n script_name(english:\"Amazon Linux AMI : postgresql96 (ALAS-2020-1443)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1443 advisory.\n\n - A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,\n 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for\n tables. Certain statistics, such as histograms and lists of most common values, contain values taken from\n the column. PostgreSQL does not evaluate row security policies before consulting those statistics during\n query planning; an attacker can exploit this to read the most common values of certain columns. Affected\n columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-\n level security prunes the set of rows visible to the attacker. (CVE-2019-10130)\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\n - It was found that some PostgreSQL extensions did not use search_path safely in their installation script.\n An attacker with sufficient privileges could use this flaw to trick an administrator into executing a\n specially crafted script, during the installation or update of such extension. This affects PostgreSQL\n versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)\n\n - A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform\n authorization checks. An authenticated attacker could use this flaw in certain configurations to perform\n drop objects such as function, triggers, et al., leading to database corruption. This issue affects\n PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. (CVE-2020-1720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1443.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update postgresql96' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-plpython26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-plpython27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql96-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'postgresql96-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-contrib-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-contrib-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-debuginfo-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-debuginfo-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-devel-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-devel-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-docs-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-docs-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-libs-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-libs-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-plperl-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-plperl-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-plpython26-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-plpython26-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-plpython27-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-plpython27-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-server-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-server-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-static-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-static-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql96-test-9.6.19-1.83.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql96-test-9.6.19-1.83.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql96 / postgresql96-contrib / postgresql96-debuginfo / etc\");\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-10-28T13:12:37", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1442 advisory.\n\n - A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,\n 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for\n tables. Certain statistics, such as histograms and lists of most common values, contain values taken from\n the column. PostgreSQL does not evaluate row security policies before consulting those statistics during\n query planning; an attacker can exploit this to read the most common values of certain columns. Affected\n columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-\n level security prunes the set of rows visible to the attacker. (CVE-2019-10130)\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\n - It was found that some PostgreSQL extensions did not use search_path safely in their installation script.\n An attacker with sufficient privileges could use this flaw to trick an administrator into executing a\n specially crafted script, during the installation or update of such extension. This affects PostgreSQL\n versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-27T00:00:00", "title": "Amazon Linux AMI : postgresql95 (ALAS-2020-1442)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10208", "CVE-2019-10130", "CVE-2020-14350"], "modified": "2020-10-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:postgresql95-plpython27", "p-cpe:/a:amazon:linux:postgresql95-docs", "p-cpe:/a:amazon:linux:postgresql95-server", "p-cpe:/a:amazon:linux:postgresql95-contrib", "p-cpe:/a:amazon:linux:postgresql95-plperl", "p-cpe:/a:amazon:linux:postgresql95-test", "p-cpe:/a:amazon:linux:postgresql95-plpython26", "p-cpe:/a:amazon:linux:postgresql95", "p-cpe:/a:amazon:linux:postgresql95-devel", "p-cpe:/a:amazon:linux:postgresql95-static", "p-cpe:/a:amazon:linux:postgresql95-debuginfo", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:postgresql95-libs"], "id": "ALA_ALAS-2020-1442.NASL", "href": "https://www.tenable.com/plugins/nessus/141944", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1442.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141944);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/27\");\n\n script_cve_id(\"CVE-2019-10130\", \"CVE-2019-10208\", \"CVE-2020-14350\");\n script_bugtraq_id(108452);\n script_xref(name:\"ALAS\", value:\"2020-1442\");\n\n script_name(english:\"Amazon Linux AMI : postgresql95 (ALAS-2020-1442)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1442 advisory.\n\n - A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,\n 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for\n tables. Certain statistics, such as histograms and lists of most common values, contain values taken from\n the column. PostgreSQL does not evaluate row security policies before consulting those statistics during\n query planning; an attacker can exploit this to read the most common values of certain columns. Affected\n columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-\n level security prunes the set of rows visible to the attacker. (CVE-2019-10130)\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\n - It was found that some PostgreSQL extensions did not use search_path safely in their installation script.\n An attacker with sufficient privileges could use this flaw to trick an administrator into executing a\n specially crafted script, during the installation or update of such extension. This affects PostgreSQL\n versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1442.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update postgresql95' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10208\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-plpython26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-plpython27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:postgresql95-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'postgresql95-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-contrib-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-contrib-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-debuginfo-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-debuginfo-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-devel-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-devel-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-docs-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-docs-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-libs-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-libs-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-plperl-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-plperl-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-plpython26-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-plpython26-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-plpython27-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-plpython27-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-server-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-server-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-static-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-static-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'postgresql95-test-9.5.23-1.81.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'postgresql95-test-9.5.23-1.81.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql95 / postgresql95-contrib / postgresql95-debuginfo / etc\");\n}", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "rst": [{"lastseen": "2021-01-20T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **91[.]206.183.148** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **21**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-20T03:00:00.\n IOC tags: **generic**.\nASN 47625: (First IP 91.206.182.0, Last IP 91.206.183.255).\nASN Name \"UKHOST4U\" and Organisation \"\".\nASN hosts 10208 domains.\nGEO IP information: City \"\", Country \"United Kingdom\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:5F17C2AD-B573-3071-9419-0D29FB9FC2C1", "href": "", "published": "2021-01-21T00:00:00", "title": "RST Threat feed. IOC: 91.206.183.148", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-20T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **188[.]64.186.224** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **21**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-20T03:00:00.\n IOC tags: **generic**.\nASN 47625: (First IP 188.64.184.0, Last IP 188.64.191.255).\nASN Name \"UKHOST4U\" and Organisation \"\".\nASN hosts 10208 domains.\nGEO IP information: City \"\", Country \"United Kingdom\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:86D5EAD9-BDD6-3235-822B-661B462F9050", "href": "", "published": "2021-01-21T00:00:00", "title": "RST Threat feed. IOC: 188.64.186.224", "type": "rst", "cvss": {}}], "redhat": [{"lastseen": "2021-01-18T16:40:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T21:08:50", "published": "2021-01-18T15:05:40", "id": "RHSA-2021:0167", "href": "https://access.redhat.com/errata/RHSA-2021:0167", "type": "redhat", "title": "(RHSA-2021:0167) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T16:38:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10164", "CVE-2019-10208", "CVE-2020-14349", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (10.15).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T21:08:45", "published": "2021-01-18T15:02:33", "id": "RHSA-2021:0166", "href": "https://access.redhat.com/errata/RHSA-2021:0166", "type": "redhat", "title": "(RHSA-2021:0166) Important: postgresql:10 security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T10:41:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T14:46:33", "published": "2021-01-18T14:18:50", "id": "RHSA-2021:0164", "href": "https://access.redhat.com/errata/RHSA-2021:0164", "type": "redhat", "title": "(RHSA-2021:0164) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-22T09:30:27", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10164", "CVE-2019-10208", "CVE-2020-14349", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (10.15).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-22T14:13:35", "published": "2020-12-22T13:57:48", "id": "RHSA-2020:5664", "href": "https://access.redhat.com/errata/RHSA-2020:5664", "type": "redhat", "title": "(RHSA-2020:5664) Important: postgresql:10 security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-22T09:32:04", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-22T13:47:09", "published": "2020-12-22T13:40:11", "id": "RHSA-2020:5661", "href": "https://access.redhat.com/errata/RHSA-2020:5661", "type": "redhat", "title": "(RHSA-2020:5661) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-17T17:31:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-17T20:32:28", "published": "2020-12-17T20:20:53", "id": "RHSA-2020:5619", "href": "https://access.redhat.com/errata/RHSA-2020:5619", "type": "redhat", "title": "(RHSA-2020:5619) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-01-15T14:33:03", "description": "Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges.\nThe products as shown in the CPE configuration are placeholders for each product series.", "edition": 3, "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-12-30T00:15:00", "title": "CVE-2020-10208", "type": "cve", "cwe": ["CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10208"], "modified": "2021-01-14T16:08:00", "cpe": ["cpe:/o:amino:ak65x_firmware:-", "cpe:/o:amino:aria7xx_firmware:-", "cpe:/o:amino:ak5xx_firmware:-", "cpe:/o:amino:kami7b_firmware:-", "cpe:/o:amino:ak45x_firmware:-", "cpe:/o:amino:aria6xx_firmware:-"], "id": "CVE-2020-10208", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10208", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:amino:aria7xx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amino:kami7b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amino:ak5xx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amino:ak65x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amino:ak45x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amino:aria6xx_firmware:-:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2020-12-30T19:27:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "description": "[9.6.20-1]\n- Rebase to upstream release 9.6.20\n Resolves: rhbz#1901563\n Resolves: rhbz#1898218\n Resolves: rhbz#1898334\n[9.6.19-1]\n- Rebase to 9.6.19\n Also fixes: CVE-2019-10208, CVE-2020-14350, CVE-2019-10130\n Resolves: #1741490\n Resolves: #1867111\n Resolves: #1845074", "edition": 3, "modified": "2020-12-23T00:00:00", "published": "2020-12-23T00:00:00", "id": "ELSA-2020-5619-1", "href": "http://linux.oracle.com/errata/ELSA-2020-5619-1.html", "title": "postgresql:9.6 security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}