CVE-2016-0773 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH
Summary
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attacker's choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow), hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20160302_POSTGRESQL_ON_SL7_X.NASL
- description: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) If the postgresql service is running, it will be automatically restarted after installing this update.
- last seen: 2020-03-18
- modified: 2016-03-03
- plugin id: 89099
- published: 2016-03-03
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/89099
- title: Scientific Linux Security Update : postgresql on SL7.x x86_64 (20160302)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(89099);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");

  script_cve_id("CVE-2016-0773");

  script_name(english:"Scientific Linux Security Update : postgresql on SL7.x x86_64 (20160302)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the PostgreSQL handling code for regular expressions. A
remote attacker could use a specially crafted regular expression to
cause PostgreSQL to crash or possibly execute arbitrary code.
(CVE-2016-0773)
If the postgresql service is running, it will be automatically
restarted after installing this update."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1603&L=scientific-linux-errata&F=&S=&P=1782
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8577807f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-plpython");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-upgrade");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-contrib-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-debuginfo-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-devel-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-docs-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-libs-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-plperl-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-plpython-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-pltcl-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-server-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-test-9.2.15-1.el7_2")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-upgrade-9.2.15-1.el7_2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2016-E0A6C9EBC4.NASL
- description: minor version rebase with security fix for CVE-2016-0773. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2016-03-04
- plugin id: 89623
- published: 2016-03-04
- reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/89623
- title: Fedora 23 : postgresql-9.4.6-1.fc23 (2016-e0a6c9ebc4)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-e0a6c9ebc4.
#

include("compat.inc");

if (description)
{
  script_id(89623);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-0773");
  script_xref(name:"FEDORA", value:"2016-e0a6c9ebc4");

  script_name(english:"Fedora 23 : postgresql-9.4.6-1.fc23 (2016-e0a6c9ebc4)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"minor versino rebase with security fix for CVE-2016-0773
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1303832"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2d4c0b83"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected postgresql package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC23", reference:"postgresql-9.4.6-1.fc23")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2016-0539-1.NASL
- description: This update for postgresql93 fixes the following issues :
  - Security and bugfix release 9.3.11 :
  - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436).
  - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772).
  - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435).
  - Fix many issues in pg_dump with specific object types
  - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS
  - Fix deparsing error with ON CONFLICT ... WHERE clauses
  - Fix tableoid errors for postgres_fdw
  - Prevent floating-point exceptions in pgbench
  - Make \det search Foreign Table names consistently
  - Fix quoting of domain constraint names in pg_dump
  - Prevent putting expanded objects into Const nodes
  - Allow compile of PL/Java on Windows
  - Fix
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 88891
- published: 2016-02-23
- reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/88891
- title: SUSE SLED12 / SLES12 Security Update : postgresql93 (SUSE-SU-2016:0539-1)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:0539-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(88891);
  script_version("2.19");
  script_cvs_date("Date: 2019/09/11 11:22:13");

  script_cve_id("CVE-2007-4772", "CVE-2016-0766", "CVE-2016-0773");
  script_bugtraq_id(27163);

  script_name(english:"SUSE SLED12 / SLES12 Security Update : postgresql93 (SUSE-SU-2016:0539-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for postgresql93 fixes the following issues :
- Security and bugfix release 9.3.11 :
- Fix infinite loops and buffer-overrun problems in regular
expressions (CVE-2016-0773, bsc#966436).
- Fix regular-expression compiler to handle loops of constraint
arcs (CVE-2007-4772).
- Prevent certain PL/Java parameters from being set by
non-superusers (CVE-2016-0766, bsc#966435).
- Fix many issues in pg_dump with specific object types
- Prevent over-eager pushdown of HAVING clauses for GROUPING SETS
- Fix deparsing error with ON CONFLICT ... WHERE clauses
- Fix tableoid errors for postgres_fdw
- Prevent floating-point exceptions in pgbench
- Make \det search Foreign Table names consistently
- Fix quoting of domain constraint names in pg_dump
- Prevent putting expanded objects into Const nodes
- Allow compile of PL/Java on Windows
- Fix 'unresolved symbol' errors in PL/Python execution
- Allow Python2 and Python3 to be used in the same database
- Add support for Python 3.5 in PL/Python
- Fix issue with subdirectory creation during initdb
- Make pg_ctl report status correctly on Windows
- Suppress confusing error when using pg_receivexlog with older
servers
- Multiple documentation corrections and additions
- Fix erroneous hash calculations in gin_extract_jsonb_path()
- For the full release notse, see:
http://www.postgresql.org/docs/9.3/static/release-9-3-11
.html
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://www.postgresql.org/docs/9.3/static/release-9-3-11.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.postgresql.org/docs/9.3/release-9-3-11.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=966435"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=966436"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2007-4772/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-0766/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-0773/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20160539-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ffa9a769"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12 :
zypper in -t patch SUSE-SLE-SDK-12-2016-292=1
SUSE Linux Enterprise Server 12 :
zypper in -t patch SUSE-SLE-SERVER-12-2016-292=1
SUSE Linux Enterprise Desktop 12 :
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-292=1
To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-contrib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-contrib-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-contrib-debuginfo-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-debuginfo-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-debugsource-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-server-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-server-debuginfo-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"postgresql93-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"postgresql93-debuginfo-9.3.11-14.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"postgresql93-debugsource-9.3.11-14.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql93");
}
```

- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2016-689.NASL
- description: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 90631
- published: 2016-04-22
- reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/90631
- title: Amazon Linux AMI : postgresql8 (ALAS-2016-689)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-689.
#

include("compat.inc");

if (description)
{
  script_id(90631);
  script_version("2.3");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2016-0773");
  script_xref(name:"ALAS", value:"2016-689");

  script_name(english:"Amazon Linux AMI : postgresql8 (ALAS-2016-689)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the PostgreSQL handling code for regular expressions. A
remote attacker could use a specially crafted regular expression to
cause PostgreSQL to crash or possibly execute arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2016-689.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update postgresql8' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-plpython");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql8-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"postgresql8-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-contrib-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-debuginfo-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-devel-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-docs-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-libs-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-plperl-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-plpython-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-pltcl-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-server-8.4.20-5.52.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"postgresql8-test-8.4.20-5.52.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql8 / postgresql8-contrib / postgresql8-debuginfo / etc");
}
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-3476.NASL
- description: Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.
  - CVE-2016-0766 A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this issue.
  - CVE-2016-0773 Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL processes specially crafted regular expressions. Very large character ranges in bracket expressions could cause infinite loops or memory overwrites. A remote attacker can exploit this flaw to cause a denial of service or, potentially, to execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 88727
- published: 2016-02-15
- reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/88727
- title: Debian DSA-3476-1 : postgresql-9.4 - security update
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3476. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(88727);
  script_version("2.8");
  script_cvs_date("Date: 2018/11/10 11:49:37");

  script_cve_id("CVE-2016-0766", "CVE-2016-0773");
  script_xref(name:"DSA", value:"3476");

  script_name(english:"Debian DSA-3476-1 : postgresql-9.4 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities have been found in PostgreSQL-9.4, a SQL
database system.
- CVE-2016-0766
A privilege escalation vulnerability for users of
PL/Java was discovered. Certain custom configuration
settings (GUCs) for PL/Java will now be modifiable only
by the database superuser to mitigate this issue.
- CVE-2016-0773
Tom Lane and Greg Stark discovered a flaw in the way
PostgreSQL processes specially crafted regular
expressions. Very large character ranges in bracket
expressions could cause infinite loops or memory
overwrites. A remote attacker can exploit this flaw to
cause a denial of service or, potentially, to execute
arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-0766"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-0773"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/postgresql-9.4"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2016/dsa-3476"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the postgresql-9.4 packages.
For the stable distribution (jessie), these problems have been fixed
in version 9.4.6-0+deb8u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-9.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"8.0", prefix:"libecpg-compat3", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libecpg-dev", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libecpg6", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libpgtypes3", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libpq-dev", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libpq5", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-9.4", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-9.4-dbg", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-client-9.4", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-contrib-9.4", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-doc-9.4", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-plperl-9.4", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-plpython-9.4", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-plpython3-9.4", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-pltcl-9.4", reference:"9.4.6-0+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"postgresql-server-dev-9.4", reference:"9.4.6-0+deb8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-2894-1.NASL
description It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773) It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 88712
published 2016-02-12
reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/88712
title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities (USN-2894-1)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2894-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(88712);
  script_version("1.13");
  script_cvs_date("Date: 2019/09/18 12:31:45");

  script_cve_id("CVE-2016-0766", "CVE-2016-0773");
  script_xref(name:"USN", value:"2894-1");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities (USN-2894-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "It was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773) It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2894-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Update the affected postgresql-9.1, postgresql-9.3 and / or postgresql-9.4 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"postgresql-9.1", pkgver:"9.1.20-0ubuntu0.12.04")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"postgresql-9.3", pkgver:"9.3.11-0ubuntu0.14.04")) flag++;
if (ubuntu_check(osver:"15.10", pkgname:"postgresql-9.4", pkgver:"9.4.6-0ubuntu0.15.10")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql-9.1 / postgresql-9.3 / postgresql-9.4");
}
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-3475.NASL
description Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.
- CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt() function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory.
- CVE-2016-0766 A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this issue.
- CVE-2016-0773 Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL processes specially crafted regular expressions. Very large character ranges in bracket expressions could cause infinite loops or memory overwrites. A remote attacker can exploit this flaw to cause a denial of service or, potentially, to execute arbitrary code.
last seen 2020-06-01
modified 2020-06-02
plugin id 88726
published 2016-02-15
reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/88726
title Debian DSA-3475-1 : postgresql-9.1 - security update
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3475. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(88726);
  script_version("2.10");
  script_cvs_date("Date: 2018/11/10 11:49:37");

  script_cve_id("CVE-2015-5288", "CVE-2016-0766", "CVE-2016-0773");
  script_xref(name:"DSA", value:"3475");

  script_name(english:"Debian DSA-3475-1 : postgresql-9.1 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2015-5288 Josh Kupershmidt discovered a vulnerability in the crypt() function in the pgCrypto extension. Certain invalid salt arguments can cause the server to crash or to disclose a few bytes of server memory. - CVE-2016-0766 A privilege escalation vulnerability for users of PL/Java was discovered. Certain custom configuration settings (GUCs) for PL/Java will now be modifiable only by the database superuser to mitigate this issue. - CVE-2016-0773 Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL processes specially crafted regular expressions. Very large character ranges in bracket expressions could cause infinite loops or memory overwrites. A remote attacker can exploit this flaw to cause a denial of service or, potentially, to execute arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5288"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-0766"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2016-0773"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/postgresql-9.1"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2016/dsa-3475"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the postgresql-9.1 packages. For the oldstable distribution (wheezy), these problems have been fixed in version 9.1.20-0+deb7u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-9.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"7.0", prefix:"libecpg-compat3", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libecpg-dev", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libecpg6", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libpgtypes3", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libpq-dev", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libpq5", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-9.1", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-9.1-dbg", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-client-9.1", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-contrib-9.1", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-doc-9.1", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-plperl-9.1", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-plpython-9.1", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-plpython3-9.1", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-pltcl-9.1", reference:"9.1.20-0+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"postgresql-server-dev-9.1", reference:"9.1.20-0+deb7u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2016-0347.NASL
description Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters. All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
last seen 2020-06-01
modified 2020-06-02
plugin id 89097
published 2016-03-03
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/89097
title RHEL 6 : postgresql (RHSA-2016:0347)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:0347. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(89097);
  script_version("2.17");
  script_cvs_date("Date: 2019/10/24 15:35:41");

  script_cve_id("CVE-2016-0773");
  script_xref(name:"RHSA", value:"2016:0347");

  script_name(english:"RHEL 6 : postgresql (RHSA-2016:0347)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters. All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update."
  );
  # http://www.postgresql.org/about/news/1644/
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.postgresql.org/about/news/1644/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:0347"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0773"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7");
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2016:0347";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"postgresql-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-contrib-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-contrib-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-contrib-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", reference:"postgresql-debuginfo-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", reference:"postgresql-devel-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-docs-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-docs-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-docs-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", reference:"postgresql-libs-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-plperl-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-plperl-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-plperl-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-plpython-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-plpython-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-plpython-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-pltcl-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-pltcl-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-pltcl-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-server-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-server-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-server-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"postgresql-test-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"postgresql-test-8.4.20-5.el6_7")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"postgresql-test-8.4.20-5.el6_7")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
  }
}
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0555-1.NASL description This update for postgresql94 fixes the following issues : - Security and bugfix release 9.4.6 : - *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). - Fix many issues in pg_dump with specific object types - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS - Fix deparsing error with ON CONFLICT ... WHERE clauses - Fix tableoid errors for postgres_fdw - Prevent floating-point exceptions in pgbench - Make \det search Foreign Table names consistently - Fix quoting of domain constraint names in pg_dump - Prevent putting expanded objects into Const nodes - Allow compile of PL/Java on Windows - Fix last seen 2020-06-01 modified 2020-06-02 plugin id 88948 published 2016-02-25 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88948 title SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2016:0555-1) NASL family Fedora Local Security Checks NASL id FEDORA_2016-B0C2412AB2.NASL description minor version update with security fix for CVE-2016-0773 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89596 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/89596 title Fedora 22 : postgresql-9.4.6-1.fc22 (2016-b0c2412ab2) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1001.NASL description According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.(CVE-2016-0773) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99764 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99764 title EulerOS 2.0 SP1 : postgresql (EulerOS-SA-2016-1001) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E8B6605BD29F11E584586CC21735F730.NASL description PostgreSQL project reports : Security Fixes for Regular Expressions, PL/Java - CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input. - CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege escalation issue for users of PL/Java. 
Certain custom configuration settings (GUCS) for PL/Java will now be modifiable only by the database superuser last seen 2020-06-01 modified 2020-06-02 plugin id 88731 published 2016-02-15 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88731 title FreeBSD : PostgreSQL -- Security Fixes for Regular Expressions, PL/Java. (e8b6605b-d29f-11e5-8458-6cc21735f730) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-271.NASL description This update for postgresql94 fixes the following issues : - Security and bugfix release 9.4.6 : - *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). - Fix many issues in pg_dump with specific object types - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS - Fix deparsing error with ON CONFLICT ... WHERE clauses - Fix tableoid errors for postgres_fdw - Prevent floating-point exceptions in pgbench - Make \det search Foreign Table names consistently - Fix quoting of domain constraint names in pg_dump - Prevent putting expanded objects into Const nodes - Allow compile of PL/Java on Windows - Fix last seen 2020-06-05 modified 2016-02-26 plugin id 88980 published 2016-02-26 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/88980 title openSUSE Security Update : postgresql94 (openSUSE-2016-271) NASL family Scientific Linux Local Security Checks NASL id SL_20160302_POSTGRESQL_ON_SL6_X.NASL description An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-03-18 modified 2016-03-03 plugin id 89098 published 2016-03-03 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89098 title Scientific Linux Security Update : postgresql on SL6.x i386/x86_64 (20160302) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0677-1.NASL description This update for postgresql94 fixes the following issues : - Security and bugfix release 9.4.6 : - *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). - Fix many issues in pg_dump with specific object types - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS - Fix deparsing error with ON CONFLICT ... 
WHERE clauses - Fix tableoid errors for postgres_fdw - Prevent floating-point exceptions in pgbench - Make \det search Foreign Table names consistently - Fix quoting of domain constraint names in pg_dump - Prevent putting expanded objects into Const nodes - Allow compile of PL/Java on Windows - Fix last seen 2020-06-01 modified 2020-06-02 plugin id 89730 published 2016-03-08 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89730 title SUSE SLED11 / SLES11 Security Update : postgresql94 (SUSE-SU-2016:0677-1) NASL family Databases NASL id POSTGRESQL_20160215.NASL description The version of PostgreSQL installed on the remote host is 9.1.x prior to 9.1.20, 9.2.x prior to 9.2.15, 9.3.x prior to 9.3.11, 9.4.x prior to 9.4.6, or 9.5.x prior to 9.5.1. It is, therefore, affected by the following vulnerabilities : - An integer overflow condition exists due to improper validation of user-supplied input when handling regular expressions. An authenticated, remote attacker can exploit this, via a large Unicode character range in a regular expression, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0773) - A privilege escalation vulnerability exists due to a flaw in the init_custom_variable() function that is triggered during the handling of PL/Java. An authenticated, remote attacker can exploit this to gain elevation privileges. (CVE-2016-0766) last seen 2020-06-01 modified 2020-06-02 plugin id 88808 published 2016-02-17 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/88808 title PostgreSQL 9.1.x < 9.1.20 / 9.2.x < 9.2.15 / 9.3.x < 9.3.11 / 9.4.x < 9.4.6 / 9.5.x < 9.5.1 Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-0347.NASL description Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters. All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 89088 published 2016-03-03 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89088 title CentOS 6 : postgresql (CESA-2016:0347) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-0346.NASL description Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters. This update upgrades PostgreSQL to version 9.2.15. Refer to the Release Notes linked to in the References section for a detailed list of changes since the previous version. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
last seen 2020-06-01
modified 2020-06-02
plugin id 89096
published 2016-03-03
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/89096
title RHEL 7 : postgresql (RHSA-2016:0346)

NASL family Amazon Linux Local Security Checks
NASL id ALA_ALAS-2016-662.NASL
description An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.
last seen 2020-06-01
modified 2020-06-02
plugin id 89843
published 2016-03-11
reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/89843
title Amazon Linux AMI : postgresql94 / postgresql93,postgresql92 (ALAS-2016-662)

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201701-33.NASL
description The remote host is affected by the vulnerability described in GLSA-201701-33 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.
Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or escalate privileges.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 96474
published 2017-01-13
reporter This script is Copyright (C) 2017 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/96474
title GLSA-201701-33 : PostgreSQL: Multiple vulnerabilities

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2016-1060.NASL
description An update for postgresql92-postgresql is now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es) :
* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773)
Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters.
last seen 2020-06-01
modified 2020-06-02
plugin id 91118
published 2016-05-13
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/91118
title RHEL 6 : postgresql92 in Satellite Server (RHSA-2016:1060)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2016-0347.NASL
description From Red Hat Security Advisory 2016:0347 : Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters. All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
last seen 2020-06-01
modified 2020-06-02
plugin id 89095
published 2016-03-03
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/89095
title Oracle Linux 6 : postgresql (ELSA-2016-0347)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2016-0346.NASL
description Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters. This update upgrades PostgreSQL to version 9.2.15. Refer to the Release Notes linked to in the References section for a detailed list of changes since the previous version. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
last seen 2020-06-01
modified 2020-06-02
plugin id 89087
published 2016-03-03
reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/89087
title CentOS 7 : postgresql (CESA-2016:0346)

NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-432.NASL
description Several bugs were discovered in PostgreSQL, a relational database server system. The 8.4 branch is EOLed upstream, but still present in Debian squeeze.
This new LTS minor version contains fixes that were applied upstream to the 9.1.20 version, backported to 8.4.22 which was the last version officially released by the PostgreSQL developers. This LTS effort for squeeze-lts is a community project sponsored by credativ GmbH. This release is the last LTS update for PostgreSQL 8.4. Users should migrate to a newer PostgreSQL at the earliest opportunity.
## Migration to Version 8.4.22lts6
A dump/restore is not required for those running 8.4.X. However, if you are upgrading from a version earlier than 8.4.22, see the relevant release notes.
## Fixes
Fix infinite loops and buffer-overrun problems in regular expressions (Tom Lane) Very large character ranges in bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. (CVE-2016-0773)
Perform an immediate shutdown if the postmaster.pid file is removed (Tom Lane) The postmaster now checks every minute or so that postmaster.pid is still there and still contains its own PID. If not, it performs an immediate shutdown, as though it had received SIGQUIT. The main motivation for this change is to ensure that failed buildfarm runs will get cleaned up without manual intervention; but it also serves to limit the bad effects if a DBA forcibly removes postmaster.pid and then starts a new postmaster.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2016-02-26
plugin id 88973
published 2016-02-26
reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/88973
title Debian DLA-432-1 : postgresql-8.4 update

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2016-253.NASL
description This update for postgresql93 fixes the following issues :
- Security and bugfix release 9.3.11 :
- Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, boo#966436).
- Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772).
- Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, boo#966435).
- Fix many issues in pg_dump with specific object types
- Prevent over-eager pushdown of HAVING clauses for GROUPING SETS
- Fix deparsing error with ON CONFLICT ... WHERE clauses
- Fix tableoid errors for postgres_fdw
- Prevent floating-point exceptions in pgbench
- Make \det search Foreign Table names consistently
- Fix quoting of domain constraint names in pg_dump
- Prevent putting expanded objects into Const nodes
- Allow compile of PL/Java on Windows
- Fix
last seen 2020-06-05
modified 2016-02-24
plugin id 88926
published 2016-02-24
reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/88926
title openSUSE Security Update : postgresql93 (openSUSE-2016-253)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2016-0346.NASL
description From Red Hat Security Advisory 2016:0346 : Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS).
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773) Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Tom Lane and Greg Stark as the original reporters. This update upgrades PostgreSQL to version 9.2.15. Refer to the Release Notes linked to in the References section for a detailed list of changes since the previous version. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
last seen 2020-06-01
modified 2020-06-02
plugin id 89094
published 2016-03-03
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/89094
title Oracle Linux 7 : postgresql (ELSA-2016-0346)
References
- http://www.postgresql.org/docs/current/static/release-9-5-1.html
- http://www.postgresql.org/docs/current/static/release-9-1-20.html
- http://www.debian.org/security/2016/dsa-3476
- http://www.postgresql.org/docs/current/static/release-9-4-6.html
- http://www.postgresql.org/about/news/1644/
- http://www.postgresql.org/docs/current/static/release-9-3-11.html
- http://www.postgresql.org/docs/current/static/release-9-2-15.html
- http://www.ubuntu.com/usn/USN-2894-1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/83184
- http://rhn.redhat.com/errata/RHSA-2016-1060.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10152
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177878.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177820.html
- http://www.securitytracker.com/id/1035005
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html
- http://www.debian.org/security/2016/dsa-3475
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html
- https://security.gentoo.org/glsa/201701-33
- https://puppet.com/security/cve/CVE-2016-0773