CVE-2014-0064 - Numeric Errors vulnerability in Postgresql

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.

Vulnerable Configurations

Part          Description   Count
Application   Postgresql    257

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SERVER_3_2_1.NASL
    description: The remote Mac OS X 10.9 host has a version of OS X Server installed that is prior to version 3.2.1. It is, therefore, affected by the following vulnerabilities : - Multiple vulnerabilities exist within the included PostgreSQL, the more serious of these allow remote code execution or denial of service. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066) - A cross-site scripting vulnerability exists within the Xcode Server. Using a specially crafted website, a remote attacker can exploit this to execute arbitrary code within the server / browser trust relationship. (CVE-2014-4406) - A SQL injection vulnerability exists in the Wiki Server due to the improper validation of SQL queries. A remote attacker can exploit this to inject or manipulate SQL queries on the back-end database. (CVE-2014-4424)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77758
    published: 2014-09-19
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/77758
    title: Mac OS X : OS X Server < 3.2.1 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77758);
      script_version("1.8");
      script_cvs_date("Date: 2018/07/14  1:59:36");
    
      script_cve_id(
        "CVE-2014-0060",
        "CVE-2014-0061",
        "CVE-2014-0062",
        "CVE-2014-0063",
        "CVE-2014-0064",
        "CVE-2014-0065",
        "CVE-2014-0066",
        "CVE-2014-4406",
        "CVE-2014-4424"
      );
      script_bugtraq_id(
        65723,
        65724,
        65727,
        65719,
        65725,
        65731,
        65728,
        69918,
        69935
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-09-17-5");
    
      script_name(english:"Mac OS X : OS X Server < 3.2.1 Multiple Vulnerabilities");
      script_summary(english:"Checks the OS X Server version.");
    
      script_set_attribute(attribute:"synopsis", value:"The remote host is missing a security update for OS X Server.");
      script_set_attribute(attribute:"description", value:
    "The remote Mac OS X 10.9 host has a version of OS X Server installed
    that is prior to version 3.2.1. It is, therefore, affected by the
    following vulnerabilities :
    
      - Multiple vulnerabilities exist within the included
        PostgreSQL, the more serious of these allow remote code
        execution or denial of service. (CVE-2014-0060,
        CVE-2014-0061, CVE-2014-0062, CVE-2014-0063,
        CVE-2014-0064, CVE-2014-0065, CVE-2014-0066)
    
      - A cross-site scripting vulnerability exists within the
        Xcode Server. Using a specially crafted website, a
        remote attacker can exploit this to execute arbitrary
        code within the server / browser trust relationship.
        (CVE-2014-4406)
    
      - A SQL injection vulnerability exists in the Wiki Server
        due to the improper validation of SQL queries. A remote
        attacker can exploit this to inject or manipulate SQL
        queries on the back-end database. (CVE-2014-4424)");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6448");
      script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X Server version 3.2.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:mac_os_x_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      script_dependencies("macosx_server_services.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Server/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    if (!ereg(pattern:"Mac OS X 10\.9([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.9");
    
    version = get_kb_item_or_exit("MacOSX/Server/Version");
    
    fixed_version = "3.2.1";
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      set_kb_item(name:'www/0/XSS', value:TRUE);
      set_kb_item(name:'www/0/SQLInjection', value:TRUE);
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "OS X Server", version);
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-0211.NASL
    description: Updated postgresql84 and postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72694
    published: 2014-02-26
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72694
    title: CentOS 5 / 6 : postgresql / postgresql84 (CESA-2014:0211)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0211 and 
    # CentOS Errata and Security Advisory 2014:0211 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72694);
      script_version("1.19");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066");
      script_bugtraq_id(65719, 65723, 65724, 65725, 65727, 65728, 65731);
      script_xref(name:"RHSA", value:"2014:0211");
    
      script_name(english:"CentOS 5 / 6 : postgresql / postgresql84 (CESA-2014:0211)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated postgresql84 and postgresql packages that fix multiple
    security issues are now available for Red Hat Enterprise Linux 5 and 6
    respectively.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    PostgreSQL is an advanced object-relational database management system
    (DBMS).
    
    Multiple stack-based buffer overflow flaws were found in the date/time
    implementation of PostgreSQL. An authenticated database user could
    provide a specially crafted date/time value that, when processed,
    could cause PostgreSQL to crash or, potentially, execute arbitrary
    code with the permissions of the user running PostgreSQL.
    (CVE-2014-0063)
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in various type input functions in PostgreSQL.
    An authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0064)
    
    Multiple potential buffer overflow flaws were found in PostgreSQL. An
    authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0065)
    
    It was found that granting a SQL role to a database user in a
    PostgreSQL database without specifying the 'ADMIN' option allowed the
    grantee to remove other users from their granted role. An
    authenticated database user could use this flaw to remove a user from
    a SQL role which they were granted access to. (CVE-2014-0060)
    
    A flaw was found in the validator functions provided by PostgreSQL's
    procedural languages (PLs). An authenticated database user could
    possibly use this flaw to escalate their privileges. (CVE-2014-0061)
    
    A race condition was found in the way the CREATE INDEX command
    performed multiple independent lookups of a table that had to be
    indexed. An authenticated database user could possibly use this flaw
    to escalate their privileges. (CVE-2014-0062)
    
    It was found that the chkpass extension of PostgreSQL did not check
    the return value of the crypt() function. An authenticated database
    user could possibly use this flaw to crash PostgreSQL via a NULL
    pointer dereference. (CVE-2014-0066)
    
    Red Hat would like to thank the PostgreSQL project for reporting these
    issues. Upstream acknowledges Noah Misch as the original reporter of
    CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as
    the original reporters of CVE-2014-0064, Peter Eisentraut and Jozef
    Mlich as the original reporters of CVE-2014-0065, Andres Freund as the
    original reporter of CVE-2014-0061, Robert Haas and Andres Freund as
    the original reporters of CVE-2014-0062, and Honza Horak and Bruce
    Momjian as the original reporters of CVE-2014-0066.
    
    These updated packages upgrade PostgreSQL to version 8.4.20, which
    fixes these issues as well as several non-security issues. Refer to
    the PostgreSQL Release Notes for a full list of changes :
    
    http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
    http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
    
    All PostgreSQL users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. If the
    postgresql service is running, it will be automatically restarted
    after installing this update."
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-February/020177.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2ac7e630"
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-February/020178.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?62fa0086"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql and / or postgresql84 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0061");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-tcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:postgresql84-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-contrib-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-devel-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-docs-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-libs-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-plperl-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-plpython-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-pltcl-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-python-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-server-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-tcl-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"postgresql84-test-8.4.20-1.el5_10")) flag++;
    
    if (rpm_check(release:"CentOS-6", reference:"postgresql-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-contrib-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-devel-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-docs-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-libs-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-plperl-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-plpython-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-pltcl-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-server-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"postgresql-test-8.4.20-1.el6_5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-devel / etc");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20140225_POSTGRESQL84_AND_POSTGRESQL_ON_SL5_X.NASL
    description: Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen: 2020-03-18
    modified: 2014-02-26
    plugin id: 72699
    published: 2014-02-26
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72699
    title: Scientific Linux Security Update : postgresql84 and postgresql on SL5.x, SL6.x i386/x86_64 (20140225)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72699);
      script_version("1.14");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066");
    
      script_name(english:"Scientific Linux Security Update : postgresql84 and postgresql on SL5.x, SL6.x i386/x86_64 (20140225)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple stack-based buffer overflow flaws were found in the date/time
    implementation of PostgreSQL. An authenticated database user could
    provide a specially crafted date/time value that, when processed,
    could cause PostgreSQL to crash or, potentially, execute arbitrary
    code with the permissions of the user running PostgreSQL.
    (CVE-2014-0063)
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in various type input functions in PostgreSQL.
    An authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0064)
    
    Multiple potential buffer overflow flaws were found in PostgreSQL. An
    authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0065)
    
    It was found that granting a SQL role to a database user in a
    PostgreSQL database without specifying the 'ADMIN' option allowed the
    grantee to remove other users from their granted role. An
    authenticated database user could use this flaw to remove a user from
    a SQL role which they were granted access to. (CVE-2014-0060)
    
    A flaw was found in the validator functions provided by PostgreSQL's
    procedural languages (PLs). An authenticated database user could
    possibly use this flaw to escalate their privileges. (CVE-2014-0061)
    
    A race condition was found in the way the CREATE INDEX command
    performed multiple independent lookups of a table that had to be
    indexed. An authenticated database user could possibly use this flaw
    to escalate their privileges. (CVE-2014-0062)
    
    It was found that the chkpass extension of PostgreSQL did not check
    the return value of the crypt() function. An authenticated database
    user could possibly use this flaw to crash PostgreSQL via a NULL
    pointer dereference. (CVE-2014-0066)
    
    These updated packages upgrade PostgreSQL to version 8.4.20, which
    fixes these issues as well as several non-security issues. Refer to
    the PostgreSQL Release Notes for a full list of changes :
    
    http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
    http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
    
    If the postgresql service is running, it will be automatically
    restarted after installing this update."
      );
      # http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/8.4/release-8-4-19.html"
      );
      # http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/8.4/release-8-4-20.html"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1402&L=scientific-linux-errata&T=0&P=2810
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?25b700d8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-tcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql84-test");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"postgresql84-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-contrib-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-debuginfo-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-devel-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-docs-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-libs-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-plperl-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-plpython-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-pltcl-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-python-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-server-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-tcl-8.4.20-1.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql84-test-8.4.20-1.el5_10")) flag++;
    
    if (rpm_check(release:"SL6", reference:"postgresql-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-contrib-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-debuginfo-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-devel-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-docs-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-libs-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-plperl-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-plpython-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-pltcl-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-server-8.4.20-1.el6_5")) flag++;
    if (rpm_check(release:"SL6", reference:"postgresql-test-8.4.20-1.el6_5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2014-047.NASL
    description: Multiple vulnerabilities have been discovered and corrected in postgresql: Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions (CVE-2014-0060). The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any (CVE-2014-0061). If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack (CVE-2014-0062). The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own (CVE-2014-0063). Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past (CVE-2014-0064). Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type (CVE-2014-0065). There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066). Since the temporary server started by make check uses trust authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine (CVE-2014-0067). This advisory provides the latest version of PostgreSQL that is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72642
    published: 2014-02-23
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72642
    title: Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:047. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72642);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066", "CVE-2014-0067");
      script_bugtraq_id(65719, 65721, 65723, 65724, 65725, 65727, 65728, 65731);
      script_xref(name:"MDVSA", value:"2014:047");
    
      script_name(english:"Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered and corrected in
    postgresql :
    
    Granting a role without ADMIN OPTION is supposed to prevent the
    grantee from adding or removing members from the granted role, but
    this restriction was easily bypassed by doing SET ROLE first. The
    security impact is mostly that a role member can revoke the access of
    others, contrary to the wishes of his grantor. Unapproved role member
    additions are a lesser concern, since an uncooperative role member
    could provide most of his rights to others anyway by creating views or
    SECURITY DEFINER functions (CVE-2014-0060).
    
    The primary role of PL validator functions is to be called implicitly
    during CREATE FUNCTION, but they are also normal SQL functions that a
    user can call explicitly. Calling a validator on a function actually
    written in some other language was not checked for and could be
    exploited for privilege-escalation purposes. The fix involves adding a
    call to a privilege-checking function in each validator function.
    Non-core procedural languages will also need to make this change to
    their own validator functions, if any (CVE-2014-0061).
    
    If the name lookups come to different conclusions due to concurrent
    activity, we might perform some parts of the DDL on a different table
    than other parts. At least in the case of CREATE INDEX, this can be
    used to cause the permissions checks to be performed against a
    different table than the index creation, allowing for a privilege
    escalation attack (CVE-2014-0062).
    
    The MAXDATELEN constant was too small for the longest possible value
    of type interval, allowing a buffer overrun in interval_out().
    Although the datetime input functions were more careful about avoiding
    buffer overrun, the limit was short enough to cause them to reject
    some valid inputs, such as input containing a very long timezone name.
    The ecpg library contained these vulnerabilities along with some of
    its own (CVE-2014-0063).
    
    Several functions, mostly type input functions, calculated an
    allocation size without checking for overflow. If overflow did occur,
    a too-small buffer would be allocated and then written past
    (CVE-2014-0064).
    
    Use strlcpy() and related functions to provide a clear guarantee that
    fixed-size buffers are not overrun. Unlike the preceding items, it is
    unclear whether these cases really represent live issues, since in
    most cases there appear to be previous constraints on the size of the
    input string. Nonetheless it seems prudent to silence all Coverity
    warnings of this type (CVE-2014-0065).
    
    There are relatively few scenarios in which crypt() could return NULL,
    but contrib/chkpass would crash if it did. One practical case in which
    this could be an issue is if libc is configured to refuse to execute
    unapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066).
    
    Since the temporary server started by make check uses trust
    authentication, another user on the same machine could connect to it
    as database superuser, and then potentially exploit the privileges of
    the operating-system user who started the tests. A future release will
    probably incorporate changes in the testing procedure to prevent this
    risk, but some public discussion is needed first. So for the moment,
    just warn people against using make check when there are untrusted
    users on the same machine (CVE-2014-0067).
    
    This advisory provides the latest version of PostgreSQL that is not
    vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.2/release-9-2-5.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.2/release-9-2-6.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.2/release-9-2-7.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ecpg9.2_6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64pq9.2_5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-plpgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:postgresql9.2-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64ecpg9.2_6-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64pq9.2_5-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-contrib-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-devel-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"postgresql9.2-docs-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-pl-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-plperl-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-plpgsql-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-plpython-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-pltcl-9.2.7-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"postgresql9.2-server-9.2.7-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20140304_POSTGRESQL_ON_SL5_X.NASL
    description: Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen: 2020-03-18
    modified: 2014-03-05
    plugin id: 72811
    published: 2014-03-05
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72811
    title: Scientific Linux Security Update : postgresql on SL5.x i386/x86_64 (20140304)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72811);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066");
    
      script_name(english:"Scientific Linux Security Update : postgresql on SL5.x i386/x86_64 (20140304)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple stack-based buffer overflow flaws were found in the date/time
    implementation of PostgreSQL. An authenticated database user could
    provide a specially crafted date/time value that, when processed,
    could cause PostgreSQL to crash or, potentially, execute arbitrary
    code with the permissions of the user running PostgreSQL.
    (CVE-2014-0063)
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in various type input functions in PostgreSQL.
    An authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0064)
    
    Multiple potential buffer overflow flaws were found in PostgreSQL. An
    authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0065)
    
    It was found that granting a SQL role to a database user in a
    PostgreSQL database without specifying the 'ADMIN' option allowed the
    grantee to remove other users from their granted role. An
    authenticated database user could use this flaw to remove a user from
    a SQL role which they were granted access to. (CVE-2014-0060)
    
    A flaw was found in the validator functions provided by PostgreSQL's
    procedural languages (PLs). An authenticated database user could
    possibly use this flaw to escalate their privileges. (CVE-2014-0061)
    
    A race condition was found in the way the CREATE INDEX command
    performed multiple independent lookups of a table that had to be
    indexed. An authenticated database user could possibly use this flaw
    to escalate their privileges. (CVE-2014-0062)
    
    It was found that the chkpass extension of PostgreSQL did not check
    the return value of the crypt() function. An authenticated database
    user could possibly use this flaw to crash PostgreSQL via a NULL
    pointer dereference. (CVE-2014-0066)
    
    If the postgresql service is running, it will be automatically
    restarted after installing this update."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=323
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1947d45e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-tcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-test");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"postgresql-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-contrib-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-debuginfo-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-devel-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-docs-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-libs-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-pl-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-python-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-server-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-tcl-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"SL5", reference:"postgresql-test-8.1.23-10.el5_10")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_42D420909A4D11E3B02908002798F6FF.NASL
    description: PostgreSQL Project reports : This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN OPTION permission. It also fixes multiple privilege escalation issues, including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, and CVE-2014-0066. More information on these issues can be found on our security page and the security issue detail wiki page. With this release, we are also alerting users to a known security hole that allows other users on the same machine to gain access to an operating system account while it is doing
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72612
    published: 2014-02-21
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72612
    title: FreeBSD : PostgreSQL -- multiple privilege issues (42d42090-9a4d-11e3-b029-08002798f6ff)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72612);
      script_version("1.7");
      script_cvs_date("Date: 2018/11/10 11:49:43");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066", "CVE-2014-0067");
    
      script_name(english:"FreeBSD : PostgreSQL -- multiple privilege issues (42d42090-9a4d-11e3-b029-08002798f6ff)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "PostgreSQL Project reports :
    
    This update fixes CVE-2014-0060, in which PostgreSQL did not properly
    enforce the WITH ADMIN OPTION permission for ROLE management. Before
    this fix, any member of a ROLE was able to grant others access to the
    same ROLE regardless if the member was given the WITH ADMIN OPTION
    permission. It also fixes multiple privilege escalation issues,
    including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
    CVE-2014-0065, and CVE-2014-0066. More information on these issues can
    be found on our security page and the security issue detail wiki page.
    
    With this release, we are also alerting users to a known security hole
    that allows other users on the same machine to gain access to an
    operating system account while it is doing 'make check' :
    CVE-2014-0067. 'Make check' is normally part of building PostgreSQL
    from source code. As it is not possible to fix this issue without
    causing significant issues to our testing infrastructure, a patch will
    be released separately and publicly. Until then, users are strongly
    advised not to run 'make check' on machines where untrusted users have
    accounts."
      );
      # https://vuxml.freebsd.org/freebsd/42d42090-9a4d-11e3-b029-08002798f6ff.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4598304a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server<8.4.20")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=9.0.0<9.0.16")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=9.1.0<9.1.12")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=9.2.0<9.2.7")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=9.3.0<9.3.3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-192.NASL
    description: The PostgreSQL database was updated to the security and bugfix release 9.2.7, which includes the following fixes: - Shore up GRANT ... WITH ADMIN OPTION restrictions (CVE-2014-0060, bnc#864845) - Prevent privilege escalation via manual calls to PL validator functions (CVE-2014-0061, bnc#864846) - Avoid multiple name lookups during table and index DDL (CVE-2014-0062, bnc#864847) - Prevent buffer overrun with long datetime strings (CVE-2014-0063, bnc#864850) - Prevent buffer overrun due to integer overflow in size calculations (CVE-2014-0064, bnc#864851) - Prevent overruns of fixed-size buffers (CVE-2014-0065, bnc#864852) - Avoid crashing if crypt() returns NULL (CVE-2014-0066, bnc#864853) - Document risks of make check in the regression testing instructions (CVE-2014-0067) - For the other (many!) bug fixes, see the release notes: http://www.postgresql.org/docs/9.3/static/release-9-2-7.html
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75281
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75281
    title: openSUSE Security Update : postgresql92 (openSUSE-SU-2014:0345-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-192.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75281);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066", "CVE-2014-0067");
    
      script_name(english:"openSUSE Security Update : postgresql92 (openSUSE-SU-2014:0345-1)");
      script_summary(english:"Check for the openSUSE-2014-192 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The PostgreSQL database was updated to the security and bugfix release
    9.2.7, which following fixes :
    
      - Shore up GRANT ... WITH ADMIN OPTION restrictions
        (CVE-2014-0060, bnc#864845)
    
      - Prevent privilege escalation via manual calls to PL
        validator functions (CVE-2014-0061, bnc#864846)
    
      - Avoid multiple name lookups during table and index DDL
        (CVE-2014-0062, bnc#864847)
    
      - Prevent buffer overrun with long datetime strings
        (CVE-2014-0063, bnc#864850)
    
      - Prevent buffer overrun due to integer overflow in size
        calculations (CVE-2014-0064, bnc#864851)
    
      - Prevent overruns of fixed-size buffers (CVE-2014-0065,
        bnc#864852)
    
      - Avoid crashing if crypt() returns NULL (CVE-2014-0066,
        bnc#864853)
    
      - Document risks of make check in the regression testing
        instructions (CVE-2014-0067)
    
      - For the other (many!) bug fixes, see the release notes:
        http://www.postgresql.org/docs/9.3/static/release-9-2-7.
        html"
      );
      # http://www.postgresql.org/docs/9.3/static/release-9-2-7.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.3/release-9-2-7.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=864845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=864846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=864847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=864850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=864851"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=864852"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=864853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql92 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-contrib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-libs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-plperl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-plpython-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-pltcl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql92-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"libecpg6-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libecpg6-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libpq5-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libpq5-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-contrib-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-contrib-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-debugsource-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-devel-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-devel-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-libs-debugsource-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-plperl-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-plperl-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-plpython-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-plpython-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-pltcl-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-pltcl-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-server-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"postgresql92-server-debuginfo-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libecpg6-32bit-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libecpg6-debuginfo-32bit-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libpq5-32bit-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libpq5-debuginfo-32bit-9.2.7-1.12.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libecpg6-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libecpg6-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpq5-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpq5-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-contrib-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-contrib-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-debugsource-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-devel-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-devel-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-libs-debugsource-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-plperl-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-plperl-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-plpython-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-plpython-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-pltcl-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-pltcl-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-server-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"postgresql92-server-debuginfo-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libecpg6-32bit-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libecpg6-debuginfo-32bit-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpq5-32bit-9.2.7-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpq5-debuginfo-32bit-9.2.7-4.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql92");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-0211.NASL
    description: Updated postgresql84 and postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72698
    published: 2014-02-26
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72698
    title: RHEL 5 / 6 : postgresql84 and postgresql (RHSA-2014:0211)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0211. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72698);
      script_version("1.21");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066");
      script_bugtraq_id(65719, 65723, 65724, 65725, 65727, 65728, 65731);
      script_xref(name:"RHSA", value:"2014:0211");
    
      script_name(english:"RHEL 5 / 6 : postgresql84 and postgresql (RHSA-2014:0211)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated postgresql84 and postgresql packages that fix multiple
    security issues are now available for Red Hat Enterprise Linux 5 and 6
    respectively.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    PostgreSQL is an advanced object-relational database management system
    (DBMS).
    
    Multiple stack-based buffer overflow flaws were found in the date/time
    implementation of PostgreSQL. An authenticated database user could
    provide a specially crafted date/time value that, when processed,
    could cause PostgreSQL to crash or, potentially, execute arbitrary
    code with the permissions of the user running PostgreSQL.
    (CVE-2014-0063)
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in various type input functions in PostgreSQL.
    An authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0064)
    
    Multiple potential buffer overflow flaws were found in PostgreSQL. An
    authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0065)
    
    It was found that granting a SQL role to a database user in a
    PostgreSQL database without specifying the 'ADMIN' option allowed the
    grantee to remove other users from their granted role. An
    authenticated database user could use this flaw to remove a user from
    a SQL role which they were granted access to. (CVE-2014-0060)
    
    A flaw was found in the validator functions provided by PostgreSQL's
    procedural languages (PLs). An authenticated database user could
    possibly use this flaw to escalate their privileges. (CVE-2014-0061)
    
    A race condition was found in the way the CREATE INDEX command
    performed multiple independent lookups of a table that had to be
    indexed. An authenticated database user could possibly use this flaw
    to escalate their privileges. (CVE-2014-0062)
    
    It was found that the chkpass extension of PostgreSQL did not check
    the return value of the crypt() function. An authenticated database
    user could possibly use this flaw to crash PostgreSQL via a NULL
    pointer dereference. (CVE-2014-0066)
    
    Red Hat would like to thank the PostgreSQL project for reporting these
    issues. Upstream acknowledges Noah Misch as the original reporter of
    CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as
    the original reporters of CVE-2014-0064, Peter Eisentraut and Jozef
    Mlich as the original reporters of CVE-2014-0065, Andres Freund as the
    original reporter of CVE-2014-0061, Robert Haas and Andres Freund as
    the original reporters of CVE-2014-0062, and Honza Horak and Bruce
    Momjian as the original reporters of CVE-2014-0066.
    
    These updated packages upgrade PostgreSQL to version 8.4.20, which
    fixes these issues as well as several non-security issues. Refer to
    the PostgreSQL Release Notes for a full list of changes :
    
    http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
    http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
    
    All PostgreSQL users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. If the
    postgresql service is running, it will be automatically restarted
    after installing this update."
      );
      # http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/8.4/release-8-4-19.html"
      );
      # http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/8.4/release-8-4-20.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0061"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-tcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql84-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0211";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-contrib-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-contrib-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-contrib-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"postgresql84-debuginfo-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"postgresql84-devel-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-docs-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-docs-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-docs-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"postgresql84-libs-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-plperl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-plperl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-plperl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-plpython-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-plpython-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-plpython-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-pltcl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-pltcl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-pltcl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-python-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-python-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-python-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-server-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-server-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-server-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-tcl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-tcl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-tcl-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql84-test-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql84-test-8.4.20-1.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql84-test-8.4.20-1.el5_10")) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"postgresql-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-contrib-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-contrib-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-contrib-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"postgresql-debuginfo-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"postgresql-devel-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-docs-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-docs-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-docs-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"postgresql-libs-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-plperl-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-plperl-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-plperl-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-plpython-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-plpython-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-plpython-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-pltcl-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-pltcl-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-pltcl-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-server-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-server-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-server-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-test-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-test-8.4.20-1.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-test-8.4.20-1.el6_5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0221.NASL
    descriptionThe remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2014:0221.
    last seen2020-06-01
    modified2020-06-02
    plugin id72865
    published2014-03-07
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72865
    titleCentOS 6 : postgresql92-postgresql (CESA-2014:0221)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0221 and 
    # CentOS Errata and Security Advisory 2014:0221 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72865);
      script_version("1.8");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066", "CVE-2014-2669");
      script_xref(name:"RHSA", value:"2014:0221");
    
      script_name(english:"CentOS 6 : postgresql92-postgresql (CESA-2014:0221)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote CentOS host is missing a security update which has been
    documented in Red Hat advisory RHSA-2014:0221."
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-February/020182.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5bdd8abe"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql92-postgresql packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0061");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos-scl:postgresql92-postgresql-upgrade");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-contrib-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-devel-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-docs-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-libs-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-plperl-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-plpython-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-pltcl-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-server-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-test-9.2.7-1.1.el6.centos.alt")) flag++;
    if (rpm_check(release:"CentOS-6", cpu:"x86_64", reference:"postgresql92-postgresql-upgrade-9.2.7-1.1.el6.centos.alt")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql92-postgresql / postgresql92-postgresql-contrib / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0249.NASL
    descriptionFrom Red Hat Security Advisory 2014:0249 : Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen2020-06-01
    modified2020-06-02
    plugin id72809
    published2014-03-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72809
    titleOracle Linux 5 : postgresql (ELSA-2014-0249)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0249 and 
    # Oracle Linux Security Advisory ELSA-2014-0249 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72809);
      script_version("1.17");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066");
      script_bugtraq_id(65719, 65723, 65724, 65725, 65727, 65728, 65731);
      script_xref(name:"RHSA", value:"2014:0249");
    
      script_name(english:"Oracle Linux 5 : postgresql (ELSA-2014-0249)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:0249 :
    
    Updated postgresql packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    PostgreSQL is an advanced object-relational database management system
    (DBMS).
    
    Multiple stack-based buffer overflow flaws were found in the date/time
    implementation of PostgreSQL. An authenticated database user could
    provide a specially crafted date/time value that, when processed,
    could cause PostgreSQL to crash or, potentially, execute arbitrary
    code with the permissions of the user running PostgreSQL.
    (CVE-2014-0063)
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in various type input functions in PostgreSQL.
    An authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0064)
    
    Multiple potential buffer overflow flaws were found in PostgreSQL. An
    authenticated database user could possibly use these flaws to crash
    PostgreSQL or, potentially, execute arbitrary code with the
    permissions of the user running PostgreSQL. (CVE-2014-0065)
    
    It was found that granting a SQL role to a database user in a
    PostgreSQL database without specifying the 'ADMIN' option allowed the
    grantee to remove other users from their granted role. An
    authenticated database user could use this flaw to remove a user from
    a SQL role which they were granted access to. (CVE-2014-0060)
    
    A flaw was found in the validator functions provided by PostgreSQL's
    procedural languages (PLs). An authenticated database user could
    possibly use this flaw to escalate their privileges. (CVE-2014-0061)
    
    A race condition was found in the way the CREATE INDEX command
    performed multiple independent lookups of a table that had to be
    indexed. An authenticated database user could possibly use this flaw
    to escalate their privileges. (CVE-2014-0062)
    
    It was found that the chkpass extension of PostgreSQL did not check
    the return value of the crypt() function. An authenticated database
    user could possibly use this flaw to crash PostgreSQL via a NULL
    pointer dereference. (CVE-2014-0066)
    
    Red Hat would like to thank the PostgreSQL project for reporting these
    issues. Upstream acknowledges Noah Misch as the original reporter of
    CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as
    the original reporters of CVE-2014-0064, Peter Eisentraut and Jozef
    Mlich as the original reporters of CVE-2014-0065, Andres Freund as the
    original reporter of CVE-2014-0061, Robert Haas and Andres Freund as
    the original reporters of CVE-2014-0062, and Honza Horak and Bruce
    Momjian as the original reporters of CVE-2014-0066.
    
    All PostgreSQL users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. If the
    postgresql service is running, it will be automatically restarted
    after installing this update."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-March/004000.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-tcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"postgresql-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-contrib-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-devel-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-docs-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-libs-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-pl-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-python-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-server-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-tcl-8.1.23-10.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"postgresql-test-8.1.23-10.el5_10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-devel / etc");
    }
    
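The RHSA-2014:0249 text above describes CVE-2014-0064 as integer overflows in type input functions that lead to heap-based buffer overflows: the input function derives an element count from the user-supplied text, computes an allocation size from it in 32-bit arithmetic, and, if that arithmetic wraps, allocates a buffer far smaller than the data it then writes. The following is an added C illustration of that bug class, written for this page; it is not PostgreSQL's code. The `Path` layout, the `count_points()` helper and the `MAX_ALLOC` cap are assumptions made for the example, chosen to resemble a variable-length geometric type without reproducing any real server source.

```c
/*
 * Added illustration of the CVE-2014-0064 bug class: an allocation size
 * derived from an attacker-controlled element count, computed in 32-bit
 * arithmetic without an overflow check. This is NOT PostgreSQL's code;
 * the Path layout, count_points() and MAX_ALLOC are assumptions made for
 * the example.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { double x, y; } Point;

/* Hypothetical variable-length layout: fixed header followed by npts points. */
typedef struct {
    int32_t vl_len;   /* total length in bytes */
    int32_t npts;     /* number of points that follow */
    Point   p[];      /* C99 flexible array member */
} Path;

/* Assumed allocator cap (about 1 GB); any request above it is rejected. */
#define MAX_ALLOC 0x3fffffffu

/* Toy stand-in for counting "(x,y)" pairs in textual input: each pair has one
 * comma inside it and one between pairs, so npts = (commas + 1) / 2.
 * The client sending the text controls this number entirely. */
static uint32_t count_points(const char *s) {
    uint32_t commas = 0;
    for (; *s; s++) if (*s == ',') commas++;
    return (commas + 1) / 2;
}

/* Vulnerable pattern: the size is computed in 32-bit arithmetic and wraps
 * silently for large npts, so a tiny buffer is allocated for a huge write. */
static uint32_t vulnerable_size(uint32_t npts) {
    return (uint32_t)offsetof(Path, p) + npts * (uint32_t)sizeof(Point);
}

/* Hardened pattern: bound npts BEFORE multiplying, so neither the product nor
 * the header addition can exceed MAX_ALLOC (and therefore cannot wrap).
 * Returns false when the request must be rejected. */
static bool safe_size(uint32_t npts, uint32_t *out) {
    const uint32_t hdr = (uint32_t)offsetof(Path, p);
    if (npts > (MAX_ALLOC - hdr) / (uint32_t)sizeof(Point))
        return false;
    *out = hdr + npts * (uint32_t)sizeof(Point);
    return true;
}

/* Convenience wrapper: 0 means "rejected" (a real size is never 0). */
static uint32_t safe_size_or_zero(uint32_t npts) {
    uint32_t sz;
    return safe_size(npts, &sz) ? sz : 0;
}

/* Would writing npts points into a buffer of alloc_size bytes stay in bounds?
 * Computed in 64 bits, i.e. what the write loop would actually touch. */
static bool write_fits(uint32_t npts, uint32_t alloc_size) {
    uint64_t needed = (uint64_t)offsetof(Path, p) + (uint64_t)npts * sizeof(Point);
    return needed <= alloc_size;
}

int main(void) {
    /* Constructed inputs: a benign 3-point path, and a hostile count that a
     * client could reach by sending a sufficiently long textual path. */
    const char *benign = "(1,2),(3,4),(5,6)";
    uint32_t small = count_points(benign);
    uint32_t huge  = 0x10000000u;   /* 2^28 points * 16 bytes = 2^32, wraps to 0 */

    printf("benign:  npts=%u vulnerable_size=%u fits=%d safe=%u\n",
           small, vulnerable_size(small),
           (int)write_fits(small, vulnerable_size(small)), safe_size_or_zero(small));
    printf("hostile: npts=%u vulnerable_size=%u fits=%d safe=%u (0 = rejected)\n",
           huge, vulnerable_size(huge),
           (int)write_fits(huge, vulnerable_size(huge)), safe_size_or_zero(huge));
    return 0;
}
```

The hostile case is the whole story of the flaw: `vulnerable_size()` returns the 8-byte header size for 2^28 points, so a write loop trusting that size runs off the end of the heap allocation, whereas `safe_size()` rejects the count before any multiplication can wrap. The fix pattern generalises to every "header + n * element" size computation: compare `n` against `(cap - header) / sizeof(element)` first, and never let the allocation size be the first place the overflow is noticed.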
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SERVER_4_0.NASL
    descriptionThe remote Mac OS X host has a version of OS X Server installed that is prior to version 4.0. It is, therefore, affected by the following vulnerabilities : - There are multiple vulnerabilities within the included BIND, the most serious of which can lead to a denial of service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591) - There are multiple vulnerabilities within the included LibYAML for the Profile Manager and ServerRuby, the most serious of which can lead to arbitrary code execution. (CVE-2013-4164, CVE-2013-6393) - There are multiple vulnerabilities within the included PostgreSQL, the most serious of which can lead to arbitrary code execution. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id78601
    published2014-10-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78601
    titleMac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78601);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2013-3919",
        "CVE-2013-4164",
        "CVE-2013-4854",
        "CVE-2013-6393",
        "CVE-2014-0060",
        "CVE-2014-0061",
        "CVE-2014-0062",
        "CVE-2014-0063",
        "CVE-2014-0064",
        "CVE-2014-0065",
        "CVE-2014-0066",
        "CVE-2014-0591",
        "CVE-2014-3566",
        "CVE-2014-4406",
        "CVE-2014-4424",
        "CVE-2014-4446",
        "CVE-2014-4447"
      );
      script_bugtraq_id(
        60338,
        61479,
        63873,
        64801,
        65258,
        65719,
        65723,
        65724,
        65725,
        65727,
        65728,
        65731,
        69918,
        69935,
        70574
      );
      script_xref(name:"CERT", value:"577193");
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-10-16-3");
    
      script_name(english:"Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)");
      script_summary(english:"Checks the OS X Server version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a security update for OS X Server.");
      script_set_attribute(attribute:"description", value:
    "The remote Mac OS X host has a version of OS X Server installed that
    is prior to version 4.0.  It is, therefore, affected by the following
    vulnerabilities :
    
      - There are multiple vulnerabilities within the included
        BIND, the most serious of which can lead to a denial of
        service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591)
    
      - There are multiple vulnerabilities within the included
        LibYAML for the Profile Manager and ServerRuby, the most
        serious of which can lead to arbitrary code execution.
        (CVE-2013-4164, CVE-2013-6393)
    
      - There are multiple vulnerabilities within the included
        PostgreSQL, the most serious of which can lead to
        arbitrary code execution. (CVE-2014-0060, CVE-2014-0061,
        CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
        CVE-2014-0065, CVE-2014-0066)
    
      - An error exists related to the way SSL 3.0 handles
        padding bytes when decrypting messages encrypted using
        block ciphers in cipher block chaining (CBC) mode. A
        man-in-the-middle attacker can decrypt a selected byte
        of a cipher text in as few as 256 tries if they are able
        to force a victim application to repeatedly send the
        same data over newly created SSL 3.0 connections. This
        is also known as the 'POODLE' issue. (CVE-2014-3566)
    
      - A cross-site scripting flaw exists in the Xcode Server
        due to not properly validating input before returning it
        to the user. This can allow a remote attacker, using a
        specially crafted request, to execute code within the
        browser / server trust relationship. (CVE-2014-4406)
    
      - A SQL injection flaw exists in the Wiki Server due to
        not properly sanitizing user input before using it in
        SQL queries. This can allow a remote attacker, using a
        specially crafted request, to inject or manipulate SQL
        queries, thus allowing the manipulation or disclosure
        of arbitrary data. (CVE-2014-4424)
    
      - A restriction bypass flaw exists in the Mail Server due
        to SCAL changes being cached and not enforced until the
        service had restarted. This can allow an authenticated
        remote attacker to bypass those restrictions.
        (CVE-2014-4446)
    
      - A password disclosure flaw exists in the Profile Manager
        due to passwords being potentially saved to a file when
        editing or setting up a profile. This can allow a local
        attacker to gain access to password information.
        (CVE-2014-4447)");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6536");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/533722/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2014/10/14/poodle.html");
      script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/ssl-poodle.pdf");
      script_set_attribute(attribute:"see_also", value:"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Mac OS X Server version 4.0 or later.
    
    Note that OS X Server 4.0 is available only for OS X 10.10 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4424");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_server_services.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Server/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    version = get_kb_item_or_exit("MacOSX/Server/Version");
    
    fixed_version = "4.0";
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      set_kb_item(name:'www/0/SQLInjection', value:TRUE);
      set_kb_item(name:'www/0/XSS', value:TRUE);
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + 
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "OS X Server", version);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2865.NASL
    descriptionVarious vulnerabilities were discovered in PostgreSQL : - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch) Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. - CVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions (Andres Freund) The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. - CVE-2014-0062 Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund) If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. - CVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch) The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. - CVE-2014-0064 CVE-2014-2669 Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas) Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. - CVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich) Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. - CVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian) There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g.,
    last seen2020-03-17
    modified2014-02-21
    plugin id72611
    published2014-02-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72611
    titleDebian DSA-2865-1 : postgresql-9.1 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2865. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72611);
      script_version("1.22");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066", "CVE-2014-0067", "CVE-2014-2669");
      script_bugtraq_id(65728);
      script_xref(name:"DSA", value:"2865");
    
      script_name(english:"Debian DSA-2865-1 : postgresql-9.1 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Various vulnerabilities were discovered in PostgreSQL :
    
      - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION
        restrictions (Noah Misch)
        Granting a role without ADMIN OPTION is supposed to
        prevent the grantee from adding or removing members from
        the granted role, but this restriction was easily
        bypassed by doing SET ROLE first. The security impact is
        mostly that a role member can revoke the access of
        others, contrary to the wishes of his grantor.
        Unapproved role member additions are a lesser concern,
        since an uncooperative role member could provide most of
        his rights to others anyway by creating views or
        SECURITY DEFINER functions.
    
      - CVE-2014-0061 Prevent privilege escalation via manual
        calls to PL validator functions (Andres Freund)
    
        The primary role of PL validator functions is to be
        called implicitly during CREATE FUNCTION, but they are
        also normal SQL functions that a user can call
        explicitly. Calling a validator on a function actually
        written in some other language was not checked for and
        could be exploited for privilege-escalation purposes.
        The fix involves adding a call to a privilege-checking
        function in each validator function. Non-core procedural
        languages will also need to make this change to their
        own validator functions, if any.
    
      - CVE-2014-0062 Avoid multiple name lookups during table
        and index DDL (Robert Haas, Andres Freund)
    
        If the name lookups come to different conclusions due to
        concurrent activity, we might perform some parts of the
        DDL on a different table than other parts. At least in
        the case of CREATE INDEX, this can be used to cause the
        permissions checks to be performed against a different
        table than the index creation, allowing for a privilege
        escalation attack.
    
      - CVE-2014-0063 Prevent buffer overrun with long datetime
        strings (Noah Misch)
    
        The MAXDATELEN constant was too small for the longest
        possible value of type interval, allowing a buffer
        overrun in interval_out(). Although the datetime input
        functions were more careful about avoiding buffer
        overrun, the limit was short enough to cause them to
        reject some valid inputs, such as input containing a
        very long timezone name. The ecpg library contained
        these vulnerabilities along with some of its own.
    
      - CVE-2014-0064 CVE-2014-2669 Prevent buffer overrun due
        to integer overflow in size calculations (Noah Misch,
        Heikki Linnakangas)
    
        Several functions, mostly type input functions,
        calculated an allocation size without checking for
        overflow. If overflow did occur, a too-small buffer
        would be allocated and then written past.
    
      - CVE-2014-0065 Prevent overruns of fixed-size buffers
        (Peter Eisentraut, Jozef Mlich)
    
        Use strlcpy() and related functions to provide a clear
        guarantee that fixed-size buffers are not overrun.
        Unlike the preceding items, it is unclear whether these
        cases really represent live issues, since in most cases
        there appear to be previous constraints on the size of
        the input string. Nonetheless it seems prudent to
        silence all Coverity warnings of this type.
    
      - CVE-2014-0066 Avoid crashing if crypt() returns NULL
        (Honza Horak, Bruce Momjian)
    
        There are relatively few scenarios in which crypt()
        could return NULL, but contrib/chkpass would crash if it
        did. One practical case in which this could be an issue
        is if libc is configured to refuse to execute unapproved
        hashing algorithms (e.g., 'FIPS mode').
    
      - CVE-2014-0067 Document risks of make check in the
        regression testing instructions (Noah Misch, Tom Lane)
    
        Since the temporary server started by make check uses
        'trust' authentication, another user on the same machine
        could connect to it as database superuser, and then
        potentially exploit the privileges of the
        operating-system user who started the tests. A future
        release will probably incorporate changes in the testing
        procedure to prevent this risk, but some public
        discussion is needed first. So for the moment, just warn
        people against using make check when there are untrusted
        users on the same machine."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-2669"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/postgresql-9.1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2014/dsa-2865"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the postgresql-9.1 packages.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 9.1_9.1.12-0wheezy1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-9.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libecpg-compat3", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"libecpg-dev", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"libecpg6", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"libpgtypes3", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"libpq-dev", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"libpq5", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-9.1-dbg", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-client-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-contrib-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-doc-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-plperl-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-plpython-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-plpython3-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-pltcl-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    if (deb_check(release:"7.0", prefix:"postgresql-server-dev-9.1", reference:"9.1_9.1.12-0wheezy1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
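
The CVE-2014-0064 item in the advisory above names the pattern (an allocation size computed from an attacker-controlled element count without an overflow check, as in path_in) but does not show it. The following is an added example written for this page, not PostgreSQL source or the advisory's code: it models a path-style variable-length datum with a hypothetical header layout and 16-byte points, and contrasts the unchecked 32-bit size computation with a checked one that bounds the count before multiplying. The struct layout and function names are assumptions for illustration; the 1 GB ceiling only mirrors the role of PostgreSQL's MaxAllocSize limit and is not the upstream fix verbatim.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of a variable-length PATH datum: a fixed header followed by
 * npts points. The layout is an assumption for illustration, not PostgreSQL's. */
typedef struct { double x, y; } Point;
typedef struct {
    uint32_t vl_len;   /* total datum size in bytes */
    int32_t  npts;     /* number of points that follow the header */
    int32_t  closed;
    Point    p[1];     /* points start here; actual count is npts */
} Path;

#define PATH_HEADER ((uint32_t)offsetof(Path, p))   /* bytes before the first point */
#define POINT_SIZE  ((uint32_t)sizeof(Point))       /* 16 bytes per point */
#define MAX_ALLOC   ((uint32_t)0x3fffffff)          /* ~1 GB cap, the role MaxAllocSize plays */

/* Vulnerable pattern (pre-fix style): size = header + npts * sizeof(Point),
 * computed in 32 bits. Once npts reaches 2^28 the product wraps, so a datum
 * that needs gigabytes is handed a buffer of a few bytes and the loop that
 * fills in the points writes past its end. Returns the wrapped size that
 * would be passed to the allocator. */
uint32_t path_size_unchecked(int32_t npts)
{
    return PATH_HEADER + POINT_SIZE * (uint32_t)npts;
}

/* Exact requirement in 64 bits, to show how far the wrapped value is off. */
static uint64_t path_size_exact(int32_t npts)
{
    return (uint64_t)PATH_HEADER + (uint64_t)POINT_SIZE * (uint64_t)(uint32_t)npts;
}

/* 1 if the unchecked size is smaller than npts points actually need. */
int unchecked_overruns(int32_t npts)
{
    return npts >= 0 && (uint64_t)path_size_unchecked(npts) < path_size_exact(npts);
}

/* Hardened pattern: reject the count before any multiplication can wrap, and
 * keep the result under the allocator's ceiling. Returns the size, or -1 if
 * npts is negative or the datum would be too large. */
int64_t path_size_checked(int32_t npts)
{
    if (npts < 0)
        return -1;
    /* Largest count whose datum still fits under MAX_ALLOC; this division
     * cannot overflow, so the comparison below is trustworthy. */
    uint32_t max_npts = (MAX_ALLOC - PATH_HEADER) / POINT_SIZE;
    if ((uint32_t)npts > max_npts)
        return -1;
    return (int64_t)(PATH_HEADER + POINT_SIZE * (uint32_t)npts);
}

int main(void)
{
    /* Constructed counts: two ordinary ones, one just over the 1 GB cap
     * (no wrap, still rejected), and two that wrap the 32-bit product. */
    int32_t counts[] = { 3, 1000, 67108863, 268435456, 268435457 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        int32_t n = counts[i];
        printf("npts=%-10d unchecked=%-10u exact=%-12llu checked=%lld%s\n",
               n, (unsigned)path_size_unchecked(n),
               (unsigned long long)path_size_exact(n),
               (long long)path_size_checked(n),
               unchecked_overruns(n) ? "  <-- wrapped, buffer too small" : "");
    }
    return 0;
}
```

The point of the checked version is where the comparison sits: it bounds the count against a limit derived from the allocator ceiling before the multiply, rather than checking the product afterwards, which would already be the wrapped value. The 67108863 case also shows why a size cap is a separate concern from overflow: that product does not wrap, but a type input function should still not allocate a gigabyte on behalf of one client string.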
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0249.NASL
    descriptionUpdated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen2020-06-01
    modified2020-06-02
    plugin id72805
    published2014-03-05
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72805
    titleCentOS 5 : postgresql (CESA-2014:0249)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2864.NASL
    descriptionVarious vulnerabilities were discovered in PostgreSQL : - CVE-2014-0060 Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch) Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. - CVE-2014-0061 Prevent privilege escalation via manual calls to PL validator functions (Andres Freund) The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. - CVE-2014-0062 Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund) If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. - CVE-2014-0063 Prevent buffer overrun with long datetime strings (Noah Misch) The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. - CVE-2014-0064 Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas) Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. - CVE-2014-0065 Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich) Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. - CVE-2014-0066 Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian) There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g.,
    last seen2020-03-17
    modified2014-02-21
    plugin id72610
    published2014-02-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72610
    titleDebian DSA-2864-1 : postgresql-8.4 - several vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0211.NASL
    descriptionFrom Red Hat Security Advisory 2014:0211 : Updated postgresql84 and postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen2020-06-01
    modified2020-06-02
    plugin id72697
    published2014-02-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72697
    titleOracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2014-0211)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-306.NASL
    descriptionMultiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen2020-06-01
    modified2020-06-02
    plugin id73060
    published2014-03-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73060
    titleAmazon Linux AMI : postgresql9 (ALAS-2014-306)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-110.NASL
    descriptionUpdated postgresql packages fix multiple security vulnerabilities : Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions (CVE-2014-0060). The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any (CVE-2014-0061). If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack (CVE-2014-0062). The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own (CVE-2014-0063). Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past (CVE-2014-0064). Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type (CVE-2014-0065). There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., FIPS mode) (CVE-2014-0066). Since the temporary server started by make check uses trust authentication, another user on the same machine could connect to it as database superuser, and then potentially exploit the privileges of the operating-system user who started the tests. A future release will probably incorporate changes in the testing procedure to prevent this risk, but some public discussion is needed first. So for the moment, just warn people against using make check when there are untrusted users on the same machine (CVE-2014-0067). A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages (CVE-2014-8161). The function to_char() might read/write past the end of a buffer. This might crash the server when a formatting template is processed (CVE-2015-0241). The pgcrypto module is vulnerable to stack buffer overrun that might crash the server (CVE-2015-0243). Emil Lenngren reported that an attacker can inject SQL commands when the synchronization between client and server is lost (CVE-2015-0244). This update provides PostgreSQL versions 9.3.6 and 9.2.10 that fix these issues, as well as several others.
    last seen2020-06-01
    modified2020-06-02
    plugin id82363
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82363
    titleMandriva Linux Security Advisory : postgresql (MDVSA-2015:110)
  • NASL familyDatabases
    NASL idPOSTGRESQL_20140220.NASL
    descriptionThe version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.20, 9.0.x prior to 9.0.16, 9.1.x prior to 9.1.12, 9.2.x prior to 9.2.7 or 9.3.x prior to 9.3.3. It is, therefore, potentially affected by multiple vulnerabilities : - SET ROLE bypasses lack of ADMIN OPTION when granting roles. (CVE-2014-0060) - It is possible to elevate privileges via calls to validator functions. (CVE-2014-0061) - It is possible to elevate privileges via a race condition in CREATE INDEX. (CVE-2014-0062) - Potential buffer overruns exist in datetime input/output. (CVE-2014-0063) - Potential buffer overruns exist due to integer overflow in size calculations. (CVE-2014-0064) - Multiple fixed-size buffers exist that could potentially be overflowed. (CVE-2014-0065) - A potential NULL pointer dereference crash is possible when crypt(3) returns NULL. (CVE-2014-0066) - Multiple integer overflow vulnerabilities exist in
    last seen2020-06-01
    modified2020-06-02
    plugin id72659
    published2014-02-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72659
    titlePostgreSQL 8.4 < 8.4.20 / 9.0 < 9.0.16 / 9.1 < 9.1.12 / 9.2 < 9.2.7 / 9.3 < 9.3.3 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBECPG6-140303.NASL
    descriptionThe PostgreSQL database server was updated to version 9.1.12 to fix various security issues : - Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060) - The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. The fix involves adding a call to a privilege-checking function in each validator function. Non-core procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061) - If the name lookups come to different conclusions due to concurrent activity, we might perform some parts of the DDL on a different table than other parts. At least in the case of CREATE INDEX, this can be used to cause the permissions checks to be performed against a different table than the index creation, allowing for a privilege escalation attack. (CVE-2014-0062) - The MAXDATELEN constant was too small for the longest possible value of type interval, allowing a buffer overrun in interval_out(). Although the datetime input functions were more careful about avoiding buffer overrun, the limit was short enough to cause them to reject some valid inputs, such as input containing a very long timezone name. The ecpg library contained these vulnerabilities along with some of its own. (CVE-2014-0063) - Several functions, mostly type input functions, calculated an allocation size without checking for overflow. If overflow did occur, a too-small buffer would be allocated and then written past. (CVE-2014-0064) - Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun. Unlike the preceding items, it is unclear whether these cases really represent live issues, since in most cases there appear to be previous constraints on the size of the input string. Nonetheless it seems prudent to silence all Coverity warnings of this type. (CVE-2014-0065) - There are relatively few scenarios in which crypt() could return NULL, but contrib/chkpass would crash if it did. One practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g.,
    last seen2020-06-05
    modified2014-03-31
    plugin id73268
    published2014-03-31
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73268
    titleSuSE 11.3 Security Update : PostgreSQL 9.1 (SAT Patch Number 8970)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2120-1.NASL
    descriptionNoah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. (CVE-2014-0060) Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue to escalate their privileges. (CVE-2014-0061) Andres Freund discovered that PostgreSQL incorrectly handled concurrent CREATE INDEX statements. An authenticated attacker could possibly use this issue to obtain access to restricted data, bypassing intended privileges. (CVE-2014-0062) Daniel Schussler discovered that PostgreSQL incorrectly handled datetime input. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0063) It was discovered that PostgreSQL incorrectly handled certain size calculations. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0064) Peter Eisentraut and Jozef Mlich discovered that PostgreSQL incorrectly handled certain buffer sizes. An authenticated attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0065) Honza Horak discovered that PostgreSQL incorrectly used the crypt() library function. This issue could possibly cause PostgreSQL to crash, resulting in a denial of service (CVE-2014-0066). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-02-25
    plugin id72682
    published2014-02-25
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72682
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : postgresql-8.4, postgresql-9.1 vulnerabilities (USN-2120-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201408-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201408-15 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker may be able to create a Denial of Service condition, bypass security restrictions, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id77459
    published2014-08-30
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77459
    titleGLSA-201408-15 : PostgreSQL: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0249.NASL
    descriptionUpdated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen2020-06-01
    modified2020-06-02
    plugin id72810
    published2014-03-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72810
    titleRHEL 5 : postgresql (RHSA-2014:0249)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-305.NASL
    descriptionMultiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064) Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065) It was found that granting a SQL role to a database user in a PostgreSQL database without specifying the
    last seen2020-06-01
    modified2020-06-02
    plugin id73059
    published2014-03-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73059
    titleAmazon Linux AMI : postgresql8 (ALAS-2014-305)

Redhat

advisories
  • rhsa
    idRHSA-2014:0211
  • rhsa
    idRHSA-2014:0221
  • rhsa
    idRHSA-2014:0249
  • rhsa
    idRHSA-2014:0469
rpms
  • postgresql-0:8.4.20-1.el6_5
  • postgresql-contrib-0:8.4.20-1.el6_5
  • postgresql-debuginfo-0:8.4.20-1.el6_5
  • postgresql-devel-0:8.4.20-1.el6_5
  • postgresql-docs-0:8.4.20-1.el6_5
  • postgresql-libs-0:8.4.20-1.el6_5
  • postgresql-plperl-0:8.4.20-1.el6_5
  • postgresql-plpython-0:8.4.20-1.el6_5
  • postgresql-pltcl-0:8.4.20-1.el6_5
  • postgresql-server-0:8.4.20-1.el6_5
  • postgresql-test-0:8.4.20-1.el6_5
  • postgresql84-0:8.4.20-1.el5_10
  • postgresql84-contrib-0:8.4.20-1.el5_10
  • postgresql84-debuginfo-0:8.4.20-1.el5_10
  • postgresql84-devel-0:8.4.20-1.el5_10
  • postgresql84-docs-0:8.4.20-1.el5_10
  • postgresql84-libs-0:8.4.20-1.el5_10
  • postgresql84-plperl-0:8.4.20-1.el5_10
  • postgresql84-plpython-0:8.4.20-1.el5_10
  • postgresql84-pltcl-0:8.4.20-1.el5_10
  • postgresql84-python-0:8.4.20-1.el5_10
  • postgresql84-server-0:8.4.20-1.el5_10
  • postgresql84-tcl-0:8.4.20-1.el5_10
  • postgresql84-test-0:8.4.20-1.el5_10
  • postgresql92-postgresql-0:9.2.7-1.1.el6
  • postgresql92-postgresql-contrib-0:9.2.7-1.1.el6
  • postgresql92-postgresql-debuginfo-0:9.2.7-1.1.el6
  • postgresql92-postgresql-devel-0:9.2.7-1.1.el6
  • postgresql92-postgresql-docs-0:9.2.7-1.1.el6
  • postgresql92-postgresql-libs-0:9.2.7-1.1.el6
  • postgresql92-postgresql-plperl-0:9.2.7-1.1.el6
  • postgresql92-postgresql-plpython-0:9.2.7-1.1.el6
  • postgresql92-postgresql-pltcl-0:9.2.7-1.1.el6
  • postgresql92-postgresql-server-0:9.2.7-1.1.el6
  • postgresql92-postgresql-test-0:9.2.7-1.1.el6
  • postgresql92-postgresql-upgrade-0:9.2.7-1.1.el6
  • postgresql-0:8.1.23-10.el5_10
  • postgresql-contrib-0:8.1.23-10.el5_10
  • postgresql-debuginfo-0:8.1.23-10.el5_10
  • postgresql-devel-0:8.1.23-10.el5_10
  • postgresql-docs-0:8.1.23-10.el5_10
  • postgresql-libs-0:8.1.23-10.el5_10
  • postgresql-pl-0:8.1.23-10.el5_10
  • postgresql-python-0:8.1.23-10.el5_10
  • postgresql-server-0:8.1.23-10.el5_10
  • postgresql-tcl-0:8.1.23-10.el5_10
  • postgresql-test-0:8.1.23-10.el5_10
  • cfme-0:5.2.3.2-1.el6cf
  • cfme-appliance-0:5.2.3.2-1.el6cf
  • cfme-debuginfo-0:5.2.3.2-1.el6cf
  • cfme-lib-0:5.2.3.2-1.el6cf
  • mingw32-cfme-host-0:5.2.3.2-1.el6cf
  • prince-0:9.0r2-4.el6cf
  • ruby193-rubygem-actionpack-1:3.2.13-6.el6cf

Seebug

bulletinFamilyexploit
descriptionCVE ID: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066. Nixu NameSurfer is an IPAM software application solution that provides centralized address management. Nixu NameSurfer has multiple security vulnerabilities: 1. Some input is not filtered before use, allowing an attacker to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or the user session hijacked. 2. An error in the parsing of XML entities allows an attacker to use a specially crafted XML document containing external entity references to read local resource data or consume server resources. 3. An unspecified error allows an attacker to access arbitrary files as the "namesurf" user. 4. The PostgreSQL bundled with the product has multiple security vulnerabilities. Affected: Nixu NameSurfer 7.x. Nixu NameSurfer 7.5.2.1 fixes these vulnerabilities; users are advised to download and use it: http://www.nixusoftware.com/index.php/products/namesurfer
idSSV:62083
last seen2017-11-19
modified2014-04-08
published2014-04-08
reporterRoot
titleNixu NameSurfer Multiple Security Vulnerabilities