Vulnerabilities > CVE-2010-4015 - Numeric Errors vulnerability in Postgresql
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_3_POSTGRESQL-110217.NASL description A buffer overflow in the intarray module potentially allowed attackers to execute arbitrary code as the user running postgresql (CVE-2010-4015:CVSS v2 Base Score: 4.9). Additionally a possible log forging problem was fixed too. (CVE-2010-4014) last seen 2020-06-01 modified 2020-06-02 plugin id 75713 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75713 title openSUSE Security Update : postgresql (openSUSE-SU-2011:0254-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-22.NASL description The remote host is affected by the vulnerability described in GLSA-201110-22 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the last seen 2020-06-01 modified 2020-06-02 plugin id 56626 published 2011-10-25 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56626 title GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_POSTGRESQL-110217.NASL description A buffer overflow in the intarray module potentially allowed attackers to execute arbitrary code as the user running PostgreSQL (CVE-2010-4015: CVSS v2 Base Score: 4.9). Additionally a possible log forging problem was fixed too. (CVE-2010-4014) last seen 2020-06-01 modified 2020-06-02 plugin id 53230 published 2011-03-31 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53230 title SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 3977) NASL family Solaris Local Security Checks NASL id SOLARIS10_138826.NASL description SunOS 5.10: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138826 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39555 published 2009-06-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39555 title Solaris 10 (sparc) : 138826-12 (deprecated) NASL family Databases NASL id POSTGRESQL_20110201.NASL description The version of PostgreSQL installed on the remote host is 8.2.x prior to 8.2.20, 8.3.x prior to 8.3.14, 8.4.x prior to 8.4.7, or 9.0.x prior to 9.0.3. It therefore is potentially affected by a buffer overflow vulnerability. By calling functions from the intarray optional module with certain parameters, a remote, authenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application. last seen 2020-06-01 modified 2020-06-02 plugin id 63351 published 2012-12-28 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63351 title PostgreSQL 8.2 < 8.2.20 / 8.3 < 8.3.14 / 8.4 < 8.4.7 / 9.0 < 9.0.3 Buffer Overflow Vulnerability NASL family SuSE Local Security Checks NASL id SUSE_POSTGRESQL-7341.NASL description A buffer overflow in the intarray module potentially allowed attackers to execute arbitrary code as the user running postgresql (CVE-2010-4015:CVSS v2 Base Score: 4.9). Additionally a possible log forging problem was fixed too. (CVE-2010-4014) last seen 2020-06-01 modified 2020-06-02 plugin id 53237 published 2011-03-31 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53237 title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 7341) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0197.NASL description From Red Hat Security Advisory 2011:0197 : Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. For Red Hat Enterprise Linux 4, the updated postgresql packages contain a backported patch for this issue; there are no other changes. For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.23, and contain a backported patch for this issue. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.1/static/release.html For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 68193 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68193 title Oracle Linux 4 / 5 / 6 : postgresql (ELSA-2011-0197) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_138827.NASL description SunOS 5.10_x86: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138827 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39558 published 2009-06-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39558 title Solaris 10 (x86) : 138827-12 (deprecated) NASL family Scientific Linux Local Security Checks NASL id SL_20110203_POSTGRESQL_ON_SL4_X.NASL description A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) For Scientific Linux 4, the updated postgresql packages contain a backported patch for this issue; there are no other changes. For Scientific Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.23, and contain a backported patch for this issue. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.1/static/release.html If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 60951 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60951 title Scientific Linux Security Update : postgresql on SL4.x, SL5.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_136998.NASL description SunOS 5.10: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 136998 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 30169 published 2008-02-05 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30169 title Solaris 10 (sparc) : 136998-10 (deprecated) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-021.NASL description A vulnerability was discovered and corrected in postgresql : Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions (CVE-2010-4015). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 This update provides a solution to this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 51898 published 2011-02-08 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51898 title Mandriva Linux Security Advisory : postgresql (MDVSA-2011:021) NASL family SuSE Local Security Checks NASL id SUSE_11_2_POSTGRESQL-110217.NASL description A buffer overflow in the intarray module potentially allowed attackers to execute arbitrary code as the user running postgresql (CVE-2010-4015:CVSS v2 Base Score: 4.9). Additionally a possible log forging problem was fixed too. (CVE-2010-4014) last seen 2020-06-01 modified 2020-06-02 plugin id 53793 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53793 title openSUSE Security Update : postgresql (openSUSE-SU-2011:0254-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_136999.NASL description SunOS 5.10_x86: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 136999 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 30175 published 2008-02-05 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30175 title Solaris 10 (x86) : 136999-10 (deprecated) NASL family Fedora Local Security Checks NASL id FEDORA_2011-0963.NASL description Update to PostgreSQL 8.4.7, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-7.html including the fix for CVE-2010-4015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 51927 published 2011-02-10 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51927 title Fedora 13 : postgresql-8.4.7-1.fc13 (2011-0963) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_138823.NASL description SunOS 5.10_x86: PostgreSQL 8.3 documentation patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138823 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39556 published 2009-06-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39556 title Solaris 10 (x86) : 138823-12 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_POSTGRESQL-7404.NASL description A buffer overflow in the intarray module potentially allowed attackers to execute arbitrary code as the user running postgresql. (CVE-2010-4015:CVSS v2 Base Score: 4.9) Additionally a possible log forging problem was fixed too. (CVE-2010-4014) last seen 2020-06-01 modified 2020-06-02 plugin id 57244 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57244 title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 7404) NASL family Fedora Local Security Checks NASL id FEDORA_2011-0990.NASL description Update to PostgreSQL 8.4.7, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-7.html including the fix for CVE-2010-4015 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 51897 published 2011-02-08 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51897 title Fedora 14 : postgresql-8.4.7-1.fc14 (2011-0990) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0197.NASL description Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. For Red Hat Enterprise Linux 4, the updated postgresql packages contain a backported patch for this issue; there are no other changes. For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.23, and contain a backported patch for this issue. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.1/static/release.html For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 51868 published 2011-02-04 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51868 title RHEL 4 / 5 / 6 : postgresql (RHSA-2011:0197) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-0198.NASL description From Red Hat Security Advisory 2011:0198 : Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. These updated postgresql84 packages upgrade PostgreSQL to version 8.4.7. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 68194 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68194 title Oracle Linux 5 : postgresql84 (ELSA-2011-0198) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_137005.NASL description SunOS 5.10_x86: PostgreSQL 8.2 source code patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 137005 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 31336 published 2008-03-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=31336 title Solaris 10 (x86) : 137005-09 (deprecated) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2157.NASL description It was discovered that PostgreSQL last seen 2020-03-17 modified 2011-02-04 plugin id 51862 published 2011-02-04 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51862 title Debian DSA-2157-1 : postgresql-8.3, postgresql-8.4, postgresql-9.0 - buffer overflow NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1058-1.NASL description Geoff Keating reported that a buffer overflow exists in the intarray module last seen 2020-06-01 modified 2020-06-02 plugin id 51871 published 2011-02-04 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51871 title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability (USN-1058-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_137000.NASL description SunOS 5.10: PostgreSQL 8.2 documentation patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 137000 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 31331 published 2008-03-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=31331 title Solaris 10 (sparc) : 137000-08 (deprecated) NASL family Scientific Linux Local Security Checks NASL id SL_20110203_POSTGRESQL84_ON_SL5_X.NASL description A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) These updated postgresql84 packages upgrade PostgreSQL to version 8.4.7. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 60950 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60950 title Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_138825.NASL description SunOS 5.10_x86: PostgreSQL 8.3 source code patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138825 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39557 published 2009-06-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39557 title Solaris 10 (x86) : 138825-12 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_137001.NASL description SunOS 5.10_x86: PostgreSQL 8.2 documentation patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 137001 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 31335 published 2008-03-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=31335 title Solaris 10 (x86) : 137001-08 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_137004.NASL description SunOS 5.10: PostgreSQL 8.2 source code patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 137004 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 31332 published 2008-03-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=31332 title Solaris 10 (sparc) : 137004-09 (deprecated) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0197.NASL description Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. For Red Hat Enterprise Linux 4, the updated postgresql packages contain a backported patch for this issue; there are no other changes. For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.23, and contain a backported patch for this issue. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.1/static/release.html For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 51888 published 2011-02-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51888 title CentOS 4 / 5 : postgresql (CESA-2011:0197) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0198.NASL description Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. These updated postgresql84 packages upgrade PostgreSQL to version 8.4.7. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 51869 published 2011-02-04 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51869 title RHEL 5 : postgresql84 (RHSA-2011:0198) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0198.NASL description Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. These updated postgresql84 packages upgrade PostgreSQL to version 8.4.7. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 53417 published 2011-04-15 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53417 title CentOS 5 : postgresql84 (CESA-2011:0198) NASL family Misc. NASL id JUNIPER_NSM_2012_1.NASL description According to the version of one or more Juniper NSM servers running on the remote host, it is potentially vulnerable to multiple vulnerabilities, the worst of which may allow an authenticated user to trigger a denial of service condition or execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 69872 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69872 title Juniper NSM Servers < 2012.1 Multiple Vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS10_138824.NASL description SunOS 5.10: PostgreSQL 8.3 source code patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138824 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39554 published 2009-06-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39554 title Solaris 10 (sparc) : 138824-12 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_138822.NASL description SunOS 5.10: PostgreSQL 8.3 documentation patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138822 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39553 published 2009-06-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39553 title Solaris 10 (sparc) : 138822-12 (deprecated)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://www.postgresql.org/about/news.1289
- http://www.postgresql.org/support/security
- http://www.vupen.com/english/advisories/2011/0262
- http://secunia.com/advisories/43144
- http://www.securityfocus.com/bid/46084
- http://osvdb.org/70740
- http://www.redhat.com/support/errata/RHSA-2011-0198.html
- http://www.vupen.com/english/advisories/2011/0303
- http://secunia.com/advisories/43188
- http://secunia.com/advisories/43187
- http://secunia.com/advisories/43240
- http://secunia.com/advisories/43155
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:021
- http://www.vupen.com/english/advisories/2011/0287
- http://www.debian.org/security/2011/dsa-2157
- http://www.vupen.com/english/advisories/2011/0299
- http://www.vupen.com/english/advisories/2011/0283
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html
- http://secunia.com/advisories/43154
- http://www.vupen.com/english/advisories/2011/0278
- http://www.ubuntu.com/usn/USN-1058-1
- http://www.redhat.com/support/errata/RHSA-2011-0197.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html
- http://www.vupen.com/english/advisories/2011/0349
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://marc.info/?l=bugtraq&m=134124585221119&w=2
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65060
- http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commitdiff%3Bh=7ccb6dc2d3e266a551827bb99179708580f72431