CVE-2016-5424 - Code Injection vulnerability in multiple products

CVSS 7.1 - HIGH
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, high complexity, debian, postgresql, CWE-94, nessus

Summary

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
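
A defender's check for the condition in the summary, as an added example that is not part of the original page: it tests a reported server version against the fixed releases listed above and flags database or role names that contain any of the four characters. The function names and the sample names are constructed for illustration; in practice the names would come from pg_database.datname and pg_roles.rolname, and treating branches newer than 9.5 as not affected is an assumption based on the summary listing none.

```python
import re

# Fixed patch level per release branch, copied from the summary above.
FIXED_PATCH = {(9, 1): 23, (9, 2): 18, (9, 3): 14, (9, 4): 9, (9, 5): 4}

# The four characters the summary names, in the order it lists them.
RISKY_CHARS = [
    ('"', "double quote"),
    ("\\", "backslash"),
    ("\r", "carriage return"),
    ("\n", "newline"),
]


def parse_version(text):
    """Return (major, minor, patch) from '9.4.8' or a full version banner."""
    match = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if match is None:
        raise ValueError("no version number in %r" % text)
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version_text):
    """True if the version falls in one of the ranges the summary lists."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch < (9, 1):
        return True  # "before 9.1.23" also covers every older branch
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    return False  # assumption: branches after 9.5 are not listed, so not flagged


def risky_characters(name):
    """Return the labels of the listed characters present in a name."""
    return [label for char, label in RISKY_CHARS if char in name]


def audit(version_text, names):
    """Combine the version check with a scan of database and role names."""
    flagged = {}
    for name in names:
        found = risky_characters(name)
        if found:
            flagged[name] = found
    return {"affected": is_affected(version_text), "flagged": flagged}


# Constructed sample input: names as a driver would return them, one per row.
SAMPLE_NAMES = ["postgres", "app_prod", 'report"2016', "tmp\nrole", "back\\slash"]

if __name__ == "__main__":
    result = audit("PostgreSQL 9.4.8 on x86_64-pc-linux-gnu", SAMPLE_NAMES)
    print("server in affected range:", result["affected"])
    for name, labels in result["flagged"].items():
        # repr() keeps control characters visible instead of breaking the line
        print("review name %r: contains %s" % (name, ", ".join(labels)))
```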

Vulnerable Configurations

Part         Description  Count
OS           Debian       1
Application  Postgresql   316

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads a resource (such as an image file or configuration file) that the attacker has modified, the file either executes malicious code directly or manipulates the target process (e.g. an application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF (http://www.gnucitizen.org/blog/danger-danger-danger/): http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here. The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3646.NASL
    description: Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. - CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. - CVE-2016-5424 Nathan Bossart discovered that special characters in database and role names are not properly handled, potentially leading to the execution of commands with superuser privileges, when a superuser executes pg_dumpall or other routine maintenance operations.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 92875
    published: 2016-08-12
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92875
    title: Debian DSA-3646-1 : postgresql-9.4 - security update
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3646. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92875);
      script_version("2.9");
      script_cvs_date("Date: 2018/11/10 11:49:38");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
      script_xref(name:"DSA", value:"3646");
    
      script_name(english:"Debian DSA-3646-1 : postgresql-9.4 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been found in PostgreSQL-9.4, a SQL
    database system.
    
      - CVE-2016-5423
        Karthikeyan Jambu Rajaraman discovered that nested
        CASE-WHEN expressions are not properly evaluated,
        potentially leading to a crash or allowing to disclose
        portions of server memory.
    
      - CVE-2016-5424
        Nathan Bossart discovered that special characters in
        database and role names are not properly handled,
        potentially leading to the execution of commands with
        superuser privileges, when a superuser executes
        pg_dumpall or other routine maintenance operations."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-5423"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-5424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/postgresql-9.4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2016/dsa-3646"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the postgresql-9.4 packages.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 9.4.9-0+deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-9.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libecpg-compat3", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libecpg-dev", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libecpg6", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libpgtypes3", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libpq-dev", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libpq5", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-9.4-dbg", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-client-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-contrib-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-doc-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-plperl-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-plpython-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-plpython3-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-pltcl-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"postgresql-server-dev-9.4", reference:"9.4.9-0+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2414-1.NASL
    description: This update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93806
    published: 2016-09-30
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93806
    title: SUSE SLES12 Security Update : postgresql93 (SUSE-SU-2016:2414-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2414-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93806);
      script_version("2.13");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
    
      script_name(english:"SUSE SLES12 Security Update : postgresql93 (SUSE-SU-2016:2414-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for postgresql93 to version 9.3.14 fixes the several
    issues. These security issues were fixed :
    
      - CVE-2016-5423: CASE/WHEN with inlining can cause
        untrusted pointer dereference (bsc#993454).
    
      - CVE-2016-5424: Fix client programs' handling of special
        characters in database and role names (bsc#993453).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993454"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5423/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5424/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162414-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0fbb3d9e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
    SUSE-SLE-SAP-12-2016-1407=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2016-1407=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-contrib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-contrib-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-contrib-debuginfo-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-debuginfo-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-debugsource-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-server-9.3.14-19.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-server-debuginfo-9.3.14-19.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql93");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1140.NASL
    description: The postgresql server postgresql93 was updated to 9.3.14 fixes the following issues : Update to version 9.3.14 : - Fix possible mis-evaluation of nested CASE-WHEN expressions (CVE-2016-5423, boo#993454) - Fix client programs
    last seen: 2020-06-05
    modified: 2016-10-03
    plugin id: 93825
    published: 2016-10-03
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93825
    title: openSUSE Security Update : postgresql93 (openSUSE-2016-1140)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1140.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93825);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
    
      script_name(english:"openSUSE Security Update : postgresql93 (openSUSE-2016-1140)");
      script_summary(english:"Check for the openSUSE-2016-1140 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The postgresql server postgresql93 was updated to 9.3.14 fixes the
    following issues :
    
    Update to version 9.3.14 :
    
      - Fix possible mis-evaluation of nested CASE-WHEN
        expressions (CVE-2016-5423, boo#993454)
    
      - Fix client programs' handling of special characters in
        database and role names (CVE-2016-5424, boo#993453)
    
      - Fix corner-case misbehaviors for IS NULL/IS NOT NULL
        applied to nested composite values
    
      - Make the inet and cidr data types properly reject IPv6
        addresses with too many colon-separated fields
    
      - Prevent crash in close_ps() (the point ## lseg operator)
        for NaN input coordinates
    
      - Fix several one-byte buffer over-reads in to_number()
    
      - Avoid unsafe intermediate state during expensive paths
        through heap_update()
    
      - For the other bug fixes, see the release notes:
        https://www.postgresql.org/docs/9.3/static/release-9-3-1
        4.html
    
    Update to version 9.3.13 :
    
    This update fixes several problems which caused downtime for users,
    including :
    
      - Clearing the OpenSSL error queue before OpenSSL calls,
        preventing errors in SSL connections, particularly when
        using the Python, Ruby or PHP OpenSSL wrappers
    
      - Fixed the 'failed to build N-way joins' planner error
    
      - Fixed incorrect handling of equivalence in multilevel
        nestloop query plans, which could emit rows which didn't
        match the WHERE clause.
    
      - Prevented two memory leaks with using GIN indexes,
        including a potential index corruption risk. The release
        also includes many other bug fixes for reported issues,
        many of which affect all supported versions :
    
      - Fix corner-case parser failures occurring when
        operator_precedence_warning is turned on
    
      - Prevent possible misbehavior of TH, th, and Y,YYY format
        codes in to_timestamp()
    
      - Correct dumping of VIEWs and RULEs which use ANY (array)
        in a subselect
    
      - Disallow newlines in ALTER SYSTEM parameter values
    
      - Avoid possible misbehavior after failing to remove a
        tablespace symlink
    
      - Fix crash in logical decoding on alignment-picky
        platforms
    
      - Avoid repeated requests for feedback from receiver while
        shutting down walsender
    
      - Multiple fixes for pg_upgrade
    
      - Support building with Visual Studio 2015
    
      - This update also contains tzdata release 2016d, with
        updates for Russia, Venezuela, Kirov, and Tomsk.
        http://www.postgresql.org/docs/current/static/release-9-
        3-13.html
    
    Update to version 9.3.12 :
    
      - Fix two bugs in indexed ROW() comparisons
    
      - Avoid data loss due to renaming files
    
      - Prevent an error in rechecking rows in SELECT FOR
        UPDATE/SHARE
    
      - Fix bugs in multiple json_ and jsonb_ functions
    
      - Log lock waits for INSERT ON CONFLICT correctly
    
      - Ignore recovery_min_apply_delay until reaching a
        consistent state
    
      - Fix issue with pg_subtrans XID wraparound
    
      - Fix assorted bugs in Logical Decoding
    
      - Fix planner error with nested security barrier views
    
      - Prevent memory leak in GIN indexes
    
      - Fix two issues with ispell dictionaries
    
      - Avoid a crash on old Windows versions
    
      - Skip creating an erroneous delete script in pg_upgrade
    
      - Correctly translate empty arrays into PL/Perl
    
      - Make PL/Python cope with identifier names
    
    For the full release notes, see:
    http://www.postgresql.org/docs/9.4/static/release-9-3-12.html"
      );
      # http://www.postgresql.org/docs/9.4/static/release-9-3-12.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.4/release-9-3-12.html"
      );
      # http://www.postgresql.org/docs/current/static/release-9-3-13.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/current/release-9-3-13.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993454"
      );
      # https://www.postgresql.org/docs/9.3/static/release-9-3-14.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.3/release-9-3-14.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql93 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-contrib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-libs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-plperl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-plpython-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-pltcl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"libecpg6-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libecpg6-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpq5-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"libpq5-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-contrib-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-contrib-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-debugsource-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-devel-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-devel-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-libs-debugsource-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-plperl-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-plperl-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-plpython-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-plpython-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-pltcl-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-pltcl-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-server-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-server-debuginfo-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"postgresql93-test-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libecpg6-32bit-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libecpg6-debuginfo-32bit-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpq5-32bit-9.3.14-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libpq5-debuginfo-32bit-9.3.14-2.13.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libecpg6-32bit / libecpg6 / libecpg6-debuginfo-32bit / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-30B01BDEDD.NASL
    description: Update to version 9.5.4 per release notes, includes security fixes for CVE-2016-5423 and CVE-2016-5424 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-08-24
    plugin id: 93085
    published: 2016-08-24
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93085
    title: Fedora 24 : postgresql (2016-30b01bdedd)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-30b01bdedd.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93085);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
      script_xref(name:"FEDORA", value:"2016-30b01bdedd");
    
      script_name(english:"Fedora 24 : postgresql (2016-30b01bdedd)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to version 9.5.4 per release notes, includes security fixes for
    CVE-2016-5423 and CVE-2016-5424
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-30b01bdedd"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"postgresql-9.5.4-1.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2415-1.NASL
    description: This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93807
    published: 2016-09-30
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93807
    title: SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2016:2415-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2415-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93807);
      script_version("2.13");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2016:2415-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for postgresql94 to version 9.4.9 fixes the several
    issues. These security issues were fixed :
    
      - CVE-2016-5423: CASE/WHEN with inlining can cause
        untrusted pointer dereference (bsc#993454).
    
      - CVE-2016-5424: Fix client programs' handling of special
        characters in database and role names (bsc#993453).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993454"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5423/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5424/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162415-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?40d300a8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2016-1409=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2016-1409=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2016-1409=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libecpg6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libecpg6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpq5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpq5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-contrib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-libs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libecpg6-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libecpg6-debuginfo-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpq5-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpq5-debuginfo-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"postgresql94-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"postgresql94-contrib-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"postgresql94-contrib-debuginfo-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"postgresql94-debuginfo-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"postgresql94-debugsource-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"postgresql94-libs-debugsource-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"postgresql94-server-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"postgresql94-server-debuginfo-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpq5-32bit-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpq5-debuginfo-32bit-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libecpg6-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libecpg6-debuginfo-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpq5-32bit-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpq5-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpq5-debuginfo-32bit-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpq5-debuginfo-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"postgresql94-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"postgresql94-debuginfo-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"postgresql94-debugsource-9.4.9-14.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"postgresql94-libs-debugsource-9.4.9-14.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql94");
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_CA16FD0B5FD111E6A6F26CC21735F730.NASL
    description: PostgreSQL project reports : Security Fixes nested CASE expressions + database and role names with embedded special characters - CVE-2016-5423: certain nested CASE expressions can cause the server to crash. - CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 92929
    published: 2016-08-12
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92929
    title: FreeBSD : PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities (ca16fd0b-5fd1-11e6-a6f2-6cc21735f730)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92929);
      script_version("2.6");
      script_cvs_date("Date: 2018/11/10 11:49:45");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
    
      script_name(english:"FreeBSD : PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities (ca16fd0b-5fd1-11e6-a6f2-6cc21735f730)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "PostgreSQL project reports :
    
    Security Fixes nested CASE expressions + database and role names with
    embedded special characters
    
    - CVE-2016-5423: certain nested CASE expressions can cause the server
    to crash.
    
    - CVE-2016-5424: database and role names with embedded special
    characters can allow code injection during administrative operations
    like pg_dumpall."
      );
      # https://vuxml.freebsd.org/freebsd/ca16fd0b-5fd1-11e6-a6f2-6cc21735f730.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a2b5da9c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql91-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql92-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql93-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql94-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql95-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"postgresql91-server>=9.1.0<9.1.23")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql92-server>=9.2.0<9.2.18")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql93-server>=9.3.0<9.3.11")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql94-server>=9.4.0<9.4.9")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql95-server>=9.5.0<9.5.4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2016-2606.NASL
    description: An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es) : * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) * A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94569
    published: 2016-11-04
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94569
    title: RHEL 7 : postgresql (RHSA-2016:2606)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:2606. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94569);
      script_version("2.18");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
      script_xref(name:"RHSA", value:"2016:2606");
    
      script_name(english:"RHEL 7 : postgresql (RHSA-2016:2606)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for postgresql is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    PostgreSQL is an advanced object-relational database management system
    (DBMS).
    
    The following packages have been upgraded to a newer upstream version:
    postgresql (9.2.18).
    
    Security Fix(es) :
    
    * A flaw was found in the way PostgreSQL server handled certain SQL
    statements containing CASE/WHEN commands. A remote, authenticated
    attacker could use a specially crafted SQL statement to cause
    PostgreSQL to crash or disclose a few bytes of server memory or
    possibly execute arbitrary code. (CVE-2016-5423)
    
    * A flaw was found in the way PostgreSQL client programs handled
    database and role names containing newlines, carriage returns, double
    quotes, or backslashes. By crafting such an object name, roles with
    the CREATEDB or CREATEROLE option could escalate their privileges to
    superuser when a superuser next executes maintenance with a vulnerable
    client program. (CVE-2016-5424)
    
    Red Hat would like to thank the PostgreSQL project for reporting these
    issues. Upstream acknowledges Heikki Linnakangas as the original
    reporter of CVE-2016-5423; and Nathan Bossart as the original reporter
    of CVE-2016-5424.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.3 Release Notes linked from the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:2606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5423"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5424"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:2606";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", reference:"postgresql-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"postgresql-contrib-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"postgresql-contrib-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"postgresql-debuginfo-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"postgresql-devel-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"postgresql-docs-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"postgresql-docs-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"postgresql-libs-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"postgresql-plperl-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"postgresql-plperl-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"postgresql-plpython-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"postgresql-plpython-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"postgresql-pltcl-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"postgresql-pltcl-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"postgresql-server-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"postgresql-server-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"postgresql-test-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"postgresql-test-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"postgresql-upgrade-9.2.18-1.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"postgresql-upgrade-9.2.18-1.el7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
      }
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-765BB26915.NASL
    description: Update to version 9.5.4 per release notes, includes security fixes for CVE-2016-5423 and CVE-2016-5424. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-11-15
    plugin id: 94820
    published: 2016-11-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94820
    title: Fedora 25 : postgresql (2016-765bb26915)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-765bb26915.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94820);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
      script_xref(name:"FEDORA", value:"2016-765bb26915");
    
      script_name(english:"Fedora 25 : postgresql (2016-765bb26915)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to version 9.5.4 per release notes, includes security fixes for
    CVE-2016-5423 and CVE-2016-5424
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-765bb26915"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"postgresql-9.5.4-1.fc25")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3066-1.NASL
    description: Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-5423) Nathan Bossart discovered that PostgreSQL incorrectly handled special characters in database and role names. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-5424). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93047
    published: 2016-08-19
    reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93047
    title: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : postgresql-9.1, postgresql-9.3, postgresql-9.5 vulnerabilities (USN-3066-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3066-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93047);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
      script_xref(name:"USN", value:"3066-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : postgresql-9.1, postgresql-9.3, postgresql-9.5 vulnerabilities (USN-3066-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Heikki Linnakangas discovered that PostgreSQL incorrectly handled
    certain nested CASE/WHEN expressions. A remote attacker could possibly
    use this issue to cause PostgreSQL to crash, resulting in a denial of
    service. (CVE-2016-5423)
    
    Nathan Bossart discovered that PostgreSQL incorrectly handled special
    characters in database and role names. A remote attacker could
    possibly use this issue to escalate privileges. (CVE-2016-5424).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3066-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected postgresql-9.1, postgresql-9.3 and / or
    postgresql-9.5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"postgresql-9.1", pkgver:"9.1.23-0ubuntu0.12.04")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"postgresql-9.3", pkgver:"9.3.14-0ubuntu0.14.04")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"postgresql-9.5", pkgver:"9.5.4-0ubuntu0.16.04")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql-9.1 / postgresql-9.3 / postgresql-9.5");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-1161.NASL
    description: This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen: 2020-06-05
    modified: 2016-10-12
    plugin id: 93997
    published: 2016-10-12
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93997
    title: openSUSE Security Update : postgresql94 (openSUSE-2016-1161)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1161.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93997);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
    
      script_name(english:"openSUSE Security Update : postgresql94 (openSUSE-2016-1161)");
      script_summary(english:"Check for the openSUSE-2016-1161 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for postgresql94 to version 9.4.9 fixes the several
    issues.
    
    These security issues were fixed :
    
      - CVE-2016-5423: CASE/WHEN with inlining can cause
        untrusted pointer dereference (bsc#993454).
    
      - CVE-2016-5424: Fix client programs' handling of special
        characters in database and role names (bsc#993453).
    
    This non-security issue was fixed :
    
      - bsc#973660: Added 'Requires: timezone' to Service Pack
    
    For additional non-security issues please refer to
    
    - http://www.postgresql.org/docs/9.4/static/release-9-4-9.html
    
    - http://www.postgresql.org/docs/9.4/static/release-9-4-8.html
    
    - http://www.postgresql.org/docs/9.4/static/release-9-4-7.html
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      # http://www.postgresql.org/docs/9.4/static/release-9-4-7.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.4/release-9-4-7.html"
      );
      # http://www.postgresql.org/docs/9.4/static/release-9-4-8.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.4/release-9-4-8.html"
      );
      # http://www.postgresql.org/docs/9.4/static/release-9-4-9.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/9.4/release-9-4-9.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993454"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql94 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libecpg6-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpq5-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-contrib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-libs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-plperl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-plpython-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-pltcl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-server-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"libecpg6-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libecpg6-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libpq5-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libpq5-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-contrib-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-contrib-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-debugsource-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-devel-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-devel-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-libs-debugsource-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-plperl-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-plperl-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-plpython-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-plpython-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-pltcl-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-pltcl-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-server-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-server-debuginfo-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"postgresql94-test-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libecpg6-32bit-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libecpg6-debuginfo-32bit-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libpq5-32bit-9.4.9-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libpq5-debuginfo-32bit-9.4.9-7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libecpg6-32bit / libecpg6 / libecpg6-debuginfo-32bit / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-5486A6DFC0.NASL
    description: Update to version 9.4.9 per release notes, includes security fixes for CVE-2016-5423 and CVE-2016-5424. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-08-24
    plugin id: 93087
    published: 2016-08-24
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93087
    title: Fedora 23 : postgresql (2016-5486a6dfc0)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-5486a6dfc0.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93087);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
      script_xref(name:"FEDORA", value:"2016-5486a6dfc0");
    
      script_name(english:"Fedora 23 : postgresql (2016-5486a6dfc0)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to version 9.4.9 per release notes, includes security fixes for
    CVE-2016-5423 and CVE-2016-5424
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5486a6dfc0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"postgresql-9.4.9-1.fc23")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20161103_POSTGRESQL_ON_SL7_X.NASL
    description: The following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es) : - A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) - A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Additional Changes :
    last seen: 2020-03-18
    modified: 2016-12-15
    plugin id: 95856
    published: 2016-12-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95856
    title: Scientific Linux Security Update : postgresql on SL7.x x86_64 (20161103)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95856);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2016-5423", "CVE-2016-5424");
    
      script_name(english:"Scientific Linux Security Update : postgresql on SL7.x x86_64 (20161103)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following packages have been upgraded to a newer upstream version:
    postgresql (9.2.18).
    
    Security Fix(es) :
    
      - A flaw was found in the way PostgreSQL server handled
        certain SQL statements containing CASE/WHEN commands. A
        remote, authenticated attacker could use a specially
        crafted SQL statement to cause PostgreSQL to crash or
        disclose a few bytes of server memory or possibly
        execute arbitrary code. (CVE-2016-5423)
    
      - A flaw was found in the way PostgreSQL client programs
        handled database and role names containing newlines,
        carriage returns, double quotes, or backslashes. By
        crafting such an object name, roles with the CREATEDB or
        CREATEROLE option could escalate their privileges to
        superuser when a superuser next executes maintenance
        with a vulnerable client program. (CVE-2016-5424)
    
    Additional Changes :"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=3929
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a37f0502"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-plperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-plpython");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-pltcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:postgresql-upgrade");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-contrib-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-debuginfo-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-devel-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-docs-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-libs-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-plperl-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-plpython-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-pltcl-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-server-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-test-9.2.18-1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"postgresql-upgrade-9.2.18-1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-debuginfo / etc");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2016-1058.NASL
    description: According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) - A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-05-01
    plugin id: 99820
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99820
    title: EulerOS 2.0 SP1 : postgresql (EulerOS-SA-2016-1058)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-592.NASL
    description: Several vulnerabilities have been found in PostgreSQL, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan Bossart discovered that special characters in database and role names are not properly handled, potentially leading to the execution of commands with superuser privileges, when a superuser executes pg_dumpall or other routine maintenance operations. For Debian 7
    last seen: 2020-03-17
    modified: 2016-08-12
    plugin id: 92873
    published: 2016-08-12
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/92873
    title: Debian DLA-592-1 : postgresql-9.1 security update
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-472.NASL
    description: This update for postgresql93 to version 9.3.14 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen: 2020-06-05
    modified: 2017-04-17
    plugin id: 99417
    published: 2017-04-17
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99417
    title: openSUSE Security Update : postgresql93 (openSUSE-2017-472)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2016-2606.NASL
    description: An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es) : * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) * A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 95352
    published: 2016-11-28
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/95352
    title: CentOS 7 : postgresql (CESA-2016:2606)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2016-747.NASL
    description: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93539
    published: 2016-09-16
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/93539
    title: Amazon Linux AMI : postgresql92 / postgresql93,postgresql94 (ALAS-2016-747)
  • NASL family: Databases
    NASL id: POSTGRESQL_20160811.NASL
    description: The version of PostgreSQL installed on the remote host is 9.1.x prior to 9.1.23, 9.2.x prior to 9.2.18, 9.3.x prior to 9.3.14, 9.4.x prior to 9.4.9, or 9.5.x prior to 9.5.4. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists that allows an authenticated, remote attacker to crash the database via specially crafted nested CASE expressions. (CVE-2016-5423) - A flaw exists that is triggered during the handling of database and role names with embedded special characters. An unauthenticated, remote attacker can exploit this to execute arbitrary code during administrative operations such as pg_dumpall. (CVE-2016-5424) - A denial of service vulnerability exists in the pg_get_expr() function that is triggered during the handling of inconsistent values. An authenticated, remote attacker can exploit this to crash the database. - An overflow condition exists in the to_number() function due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to cause a denial of service condition.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93050
    published: 2016-08-19
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93050
    title: PostgreSQL 9.1.x < 9.1.23 / 9.2.x < 9.2.18 / 9.3.x < 9.3.14 / 9.4.x < 9.4.9 / 9.5.x < 9.5.4 Multiple Vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201701-33.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201701-33 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or escalate privileges. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96474
    published: 2017-01-13
    reporter: This script is Copyright (C) 2017 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/96474
    title: GLSA-201701-33 : PostgreSQL: Multiple vulnerabilities
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_414C18BF365311E795506CC21735F730.NASL
    description: The PostgreSQL project reports : Security Fixes nested CASE expressions + database and role names with embedded special characters - CVE-2017-7484: selectivity estimators bypass SELECT privilege checks. - CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable - CVE-2017-7486: pg_user_mappings view discloses foreign server passwords. This applies to new databases, see the release notes for the procedure to apply the fix to an existing database.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100141
    published: 2017-05-12
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100141
    title: FreeBSD : PostgreSQL vulnerabilities (414c18bf-3653-11e7-9550-6cc21735f730)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2016-2606.NASL
    description: From Red Hat Security Advisory 2016:2606 : An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es) : * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) * A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94725
    published: 2016-11-11
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94725
    title: Oracle Linux 7 : postgresql (ELSA-2016-2606)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2418-1.NASL
    description: This update for postgresql94 to version 9.4.9 fixes the several issues. These security issues were fixed : - CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference (bsc#993454). - CVE-2016-5424: Fix client programs
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93808
    published: 2016-09-30
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93808
    title: SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2016:2418-1)

Redhat

advisories
  • bugzilla
    id: 1364002
    title: CVE-2016-5424 postgresql: privilege escalation via crafted database and role names
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: postgresql-devel is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606001
          • comment: postgresql-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908016
        • AND
          • comment: postgresql-plpython is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606003
          • comment: postgresql-plpython is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908018
        • AND
          • comment: postgresql-libs is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606005
          • comment: postgresql-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908014
        • AND
          • comment: postgresql-plperl is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606007
          • comment: postgresql-plperl is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908012
        • AND
          • comment: postgresql-docs is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606009
          • comment: postgresql-docs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908010
        • AND
          • comment: postgresql-test is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606011
          • comment: postgresql-test is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908006
        • AND
          • comment: postgresql-pltcl is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606013
          • comment: postgresql-pltcl is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908004
        • AND
          • comment: postgresql is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606015
          • comment: postgresql is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908002
        • AND
          • comment: postgresql-contrib is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606017
          • comment: postgresql-contrib is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908008
        • AND
          • comment: postgresql-server is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606019
          • comment: postgresql-server is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20100908020
        • AND
          • comment: postgresql-upgrade is earlier than 0:9.2.18-1.el7
            oval: oval:com.redhat.rhsa:tst:20162606021
          • comment: postgresql-upgrade is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20150750030
    rhsa
    id: RHSA-2016:2606
    released: 2016-11-03
    severity: Moderate
    title: RHSA-2016:2606: postgresql security and bug fix update (Moderate)
  • rhsa
    id: RHSA-2016:1781
  • rhsa
    id: RHSA-2016:1820
  • rhsa
    id: RHSA-2016:1821
  • rhsa
    id: RHSA-2017:2425
rpms
  • rh-postgresql94-postgresql-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-contrib-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-contrib-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-debuginfo-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-debuginfo-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-devel-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-devel-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-docs-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-docs-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-libs-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-libs-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-plperl-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-plperl-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-plpython-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-plpython-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-pltcl-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-pltcl-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-server-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-server-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-static-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-static-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-test-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-test-0:9.4.9-1.el7
  • rh-postgresql94-postgresql-upgrade-0:9.4.9-1.el6
  • rh-postgresql94-postgresql-upgrade-0:9.4.9-1.el7
  • postgresql92-postgresql-0:9.2.18-1.el6
  • postgresql92-postgresql-0:9.2.18-1.el7
  • postgresql92-postgresql-contrib-0:9.2.18-1.el6
  • postgresql92-postgresql-contrib-0:9.2.18-1.el7
  • postgresql92-postgresql-debuginfo-0:9.2.18-1.el6
  • postgresql92-postgresql-debuginfo-0:9.2.18-1.el7
  • postgresql92-postgresql-devel-0:9.2.18-1.el6
  • postgresql92-postgresql-devel-0:9.2.18-1.el7
  • postgresql92-postgresql-docs-0:9.2.18-1.el6
  • postgresql92-postgresql-docs-0:9.2.18-1.el7
  • postgresql92-postgresql-libs-0:9.2.18-1.el6
  • postgresql92-postgresql-libs-0:9.2.18-1.el7
  • postgresql92-postgresql-plperl-0:9.2.18-1.el6
  • postgresql92-postgresql-plperl-0:9.2.18-1.el7
  • postgresql92-postgresql-plpython-0:9.2.18-1.el6
  • postgresql92-postgresql-plpython-0:9.2.18-1.el7
  • postgresql92-postgresql-pltcl-0:9.2.18-1.el6
  • postgresql92-postgresql-pltcl-0:9.2.18-1.el7
  • postgresql92-postgresql-server-0:9.2.18-1.el6
  • postgresql92-postgresql-server-0:9.2.18-1.el7
  • postgresql92-postgresql-test-0:9.2.18-1.el6
  • postgresql92-postgresql-test-0:9.2.18-1.el7
  • postgresql92-postgresql-upgrade-0:9.2.18-1.el6
  • postgresql92-postgresql-upgrade-0:9.2.18-1.el7
  • rh-postgresql95-postgresql-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-contrib-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-contrib-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-debuginfo-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-debuginfo-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-devel-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-devel-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-docs-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-docs-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-libs-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-libs-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-plperl-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-plperl-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-plpython-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-plpython-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-pltcl-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-pltcl-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-server-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-server-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-static-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-static-0:9.5.4-1.el7
  • rh-postgresql95-postgresql-test-0:9.5.4-1.el6
  • rh-postgresql95-postgresql-test-0:9.5.4-1.el7
  • postgresql-0:9.2.18-1.el7
  • postgresql-contrib-0:9.2.18-1.el7
  • postgresql-debuginfo-0:9.2.18-1.el7
  • postgresql-devel-0:9.2.18-1.el7
  • postgresql-docs-0:9.2.18-1.el7
  • postgresql-libs-0:9.2.18-1.el7
  • postgresql-plperl-0:9.2.18-1.el7
  • postgresql-plpython-0:9.2.18-1.el7
  • postgresql-pltcl-0:9.2.18-1.el7
  • postgresql-server-0:9.2.18-1.el7
  • postgresql-test-0:9.2.18-1.el7
  • postgresql-upgrade-0:9.2.18-1.el7
  • rh-postgresql95-postgresql-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-contrib-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-debuginfo-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-libs-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-pltcl-0:9.5.7-2.el6
  • rh-postgresql95-postgresql-server-0:9.5.7-2.el6
  • rh-postgresql95-runtime-0:2.2-3.el6
  • spacewalk-backend-0:2.3.3-53.el6sat
  • spacewalk-backend-app-0:2.3.3-53.el6sat
  • spacewalk-backend-applet-0:2.3.3-53.el6sat
  • spacewalk-backend-config-files-0:2.3.3-53.el6sat
  • spacewalk-backend-config-files-common-0:2.3.3-53.el6sat
  • spacewalk-backend-config-files-tool-0:2.3.3-53.el6sat
  • spacewalk-backend-iss-0:2.3.3-53.el6sat
  • spacewalk-backend-iss-export-0:2.3.3-53.el6sat
  • spacewalk-backend-libs-0:2.3.3-53.el6sat
  • spacewalk-backend-package-push-server-0:2.3.3-53.el6sat
  • spacewalk-backend-server-0:2.3.3-53.el6sat
  • spacewalk-backend-sql-0:2.3.3-53.el6sat
  • spacewalk-backend-sql-oracle-0:2.3.3-53.el6sat
  • spacewalk-backend-sql-postgresql-0:2.3.3-53.el6sat
  • spacewalk-backend-tools-0:2.3.3-53.el6sat
  • spacewalk-backend-xml-export-libs-0:2.3.3-53.el6sat
  • spacewalk-backend-xmlrpc-0:2.3.3-53.el6sat
  • spacewalk-base-0:2.3.2-35.el6sat
  • spacewalk-base-minimal-0:2.3.2-35.el6sat
  • spacewalk-base-minimal-config-0:2.3.2-35.el6sat
  • spacewalk-dobby-0:2.3.2-35.el6sat
  • spacewalk-grail-0:2.3.2-35.el6sat
  • spacewalk-html-0:2.3.2-35.el6sat
  • spacewalk-postgresql-server-0:9.5-1.el6sat
  • spacewalk-pxt-0:2.3.2-35.el6sat
  • spacewalk-setup-postgresql-0:2.3.0-27.el6sat
  • spacewalk-sniglets-0:2.3.2-35.el6sat
  • spacewalk-utils-0:2.3.2-32.el6sat