Vulnerabilities > CVE-2017-7485 - Missing Encryption of Sensitive Data vulnerability in Postgresql
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Interception An attacker monitors data streams to or from a target in order to gather information. This attack may be undertaken to gather information to support a later attack or the data collected may be the end goal of the attack. This attack usually involves sniffing network traffic, but may include observing other types of data streams, such as radio. In most varieties of this attack, the attacker is passive and simply observes regular communication, however in some variants the attacker may attempt to initiate the establishment of a data stream or influence the nature of the data transmitted. However, in all variants of this attack, and distinguishing this attack from other data collection methods, the attacker is not the intended recipient of the data stream. Unlike some other data leakage attacks, the attacker is observing explicit data channels (e.g. network traffic) and reading the content. This differs from attacks that collect more qualitative information, such as communication volume, or other information not explicitly communicated via a data stream.
- Screen Temporary Files for Sensitive Information An attacker exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an attacker might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the attacker could recover this from the web cache.
- Sniffing Attacks An attacker monitors information transmitted between logical or physical nodes of a network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. Any transmission medium can theoretically be sniffed if the attacker can listen to the contents between the sender and recipient.
- Sniffing Network Traffic An attacker monitoring network traffic between nodes of a public or multicast network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. This differs from other sniffing attacks in that it is over a public network rather via some other communications channel, such as radio.
- Lifting Sensitive Data from the Client An attacker examines an available client application for the presence of sensitive information. This information may be stored in configuration files, embedded within the application itself, or stored in other ways. Sensitive information may include long-term keys, passwords, credit card or financial information, and other private material that the client uses in its interactions with the server. While servers are (hopefully) protected with professional security administrators, most users may be less skilled at protecting their clients. As a result, the user client may represent a weak link that an attacker can exploit. If an attacker can gain access to a client installation, they may be able to detect and lift sensitive information that could be used directly (such as financial information), or allow the attacker to subvert future communication between the client and the server. In some cases, it may not even be necessary to gain access to another user's installation - if all instances of the client software are embedded with the same sensitive information (for example, long term keys for communication with the server) then the attacker must simply find a way to gain their own copy of the client in order to perform this attack.
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-839.NASL description Selectivity estimators bypass SELECT privilege checks It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) libpq ignores PGREQUIRESSL environment variable It was found that the PGREQUIRESSL was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485) pg_user_mappings view discloses foreign server passwords It was found that the pg_user_mappings view from postgresql could disclose information about user mappings to a foreign database to unprivileged users. An authenticated attacker with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) last seen 2020-06-01 modified 2020-06-02 plugin id 100640 published 2017-06-07 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/100640 title Amazon Linux AMI : postgresql93 / postgresql94,postgresql95 (ALAS-2017-839) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2017-839. # include("compat.inc"); if (description) { script_id(100640); script_version("3.5"); script_cvs_date("Date: 2018/04/18 15:09:36"); script_cve_id("CVE-2017-7484", "CVE-2017-7485", "CVE-2017-7486"); script_xref(name:"ALAS", value:"2017-839"); script_name(english:"Amazon Linux AMI : postgresql93 / postgresql94,postgresql95 (ALAS-2017-839)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Selectivity estimators bypass SELECT privilege checks It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) libpq ignores PGREQUIRESSL environment variable It was found that the PGREQUIRESSL was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485) pg_user_mappings view discloses foreign server passwords It was found that the pg_user_mappings view from postgresql could disclose information about user mappings to a foreign database to unprivileged users. An authenticated attacker with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-839.html" ); script_set_attribute( attribute:"solution", value: "Run 'yum update postgresql93' to update your system. Run 'yum update postgresql94' to update your system. Run 'yum update postgresql95' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-plperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-plpython26"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-plpython27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-pltcl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql93-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-plperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-plpython26"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-plpython27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql94-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-plperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-plpython26"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-plpython27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:postgresql95-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"postgresql93-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-contrib-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-debuginfo-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-devel-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-docs-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-libs-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-plperl-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-plpython26-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-plpython27-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-pltcl-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-server-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql93-test-9.3.17-1.63.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-contrib-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-debuginfo-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-devel-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-docs-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-libs-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-plperl-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-plpython26-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-plpython27-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-server-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql94-test-9.4.12-1.68.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-contrib-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-debuginfo-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-devel-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-docs-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-libs-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-plperl-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-plpython26-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-plpython27-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-server-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-static-9.5.7-1.72.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"postgresql95-test-9.5.7-1.72.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql93 / postgresql93-contrib / postgresql93-debuginfo / etc"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-657.NASL description This update for postgresql93 fixes the following issues : The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Security fixes : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) More details can be found in the PostgreSQL release announcements : - https://www.postgresql.org/docs/9.3/static/release-9-3-17.html - https://www.postgresql.org/docs/9.3/static/release-9-3-16.html - https://www.postgresql.org/docs/9.3/static/release-9-3-15.html This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-06-07 plugin id 100659 published 2017-06-07 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100659 title openSUSE Security Update : postgresql93 (openSUSE-2017-657) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-657. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(100659); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-7484", "CVE-2017-7485", "CVE-2017-7486"); script_name(english:"openSUSE Security Update : postgresql93 (openSUSE-2017-657)"); script_summary(english:"Check for the openSUSE-2017-657 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for postgresql93 fixes the following issues : The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Security fixes : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) More details can be found in the PostgreSQL release announcements : - https://www.postgresql.org/docs/9.3/static/release-9-3-17.html - https://www.postgresql.org/docs/9.3/static/release-9-3-16.html - https://www.postgresql.org/docs/9.3/static/release-9-3-15.html This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1037603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1037624" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038293" ); # https://www.postgresql.org/docs/9.3/static/release-9-3-15.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.3/release-9-3-15.html" ); # https://www.postgresql.org/docs/9.3/static/release-9-3-16.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.3/release-9-3-16.html" ); # https://www.postgresql.org/docs/9.3/static/release-9-3-17.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.3/release-9-3-17.html" ); script_set_attribute( attribute:"solution", value:"Update the affected postgresql93 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-contrib-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-libs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-plperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-plperl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-plpython"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-plpython-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-pltcl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-pltcl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql93-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"postgresql93-devel-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql93-devel-debuginfo-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql93-libs-debugsource-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-contrib-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-contrib-debuginfo-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-debuginfo-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-debugsource-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-plperl-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-plperl-debuginfo-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-plpython-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-plpython-debuginfo-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-pltcl-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-pltcl-debuginfo-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-server-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-server-debuginfo-9.3.17-5.9.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"postgresql93-test-9.3.17-5.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql93-devel / postgresql93-devel-debuginfo / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1690-1.NASL description This update for postgresql94 to 9.4.12 fixes the following issues: Upstream changelogs : - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases See the upstream release notes for details. - CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12 : - Build corruption with CREATE INDEX CONCURRENTLY - Fixes for visibility and write-ahead-log stability Changes in version 9.4.10 : - Fix WAL-logging of truncation of relation free space maps and visibility maps - Fix incorrect creation of GIN index WAL records on big-endian machines - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction - Fix EvalPlanQual rechecks involving CTE scans - Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101060 published 2017-06-27 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101060 title SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2017:1690-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1690-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(101060); script_version("3.11"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2017-7484", "CVE-2017-7485", "CVE-2017-7486"); script_name(english:"SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2017:1690-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for postgresql94 to 9.4.12 fixes the following issues: Upstream changelogs : - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases See the upstream release notes for details. - CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12 : - Build corruption with CREATE INDEX CONCURRENTLY - Fixes for visibility and write-ahead-log stability Changes in version 9.4.10 : - Fix WAL-logging of truncation of relation free space maps and visibility maps - Fix incorrect creation of GIN index WAL records on big-endian machines - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction - Fix EvalPlanQual rechecks involving CTE scans - Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1037603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1037624" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038293" ); # https://www.postgresql.org/docs/9.4/static/release-9-4-10.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.4/release-9-4-10.html" ); # https://www.postgresql.org/docs/9.4/static/release-9-4-11.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.4/release-9-4-11.html" ); # https://www.postgresql.org/docs/9.4/static/release-9-4-12.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.4/release-9-4-12.html" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7484/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7485/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7486/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171690-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c0c7f331" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1039=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1039=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1039=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1039=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-contrib-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql94-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/12"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"postgresql94-9.4.12-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"postgresql94-contrib-9.4.12-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"postgresql94-contrib-debuginfo-9.4.12-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"postgresql94-debuginfo-9.4.12-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"postgresql94-debugsource-9.4.12-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"postgresql94-server-9.4.12-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"postgresql94-server-debuginfo-9.4.12-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"postgresql94-9.4.12-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"postgresql94-debuginfo-9.4.12-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"postgresql94-debugsource-9.4.12-20.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql94"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1441-1.NASL description This update for postgresql93 fixes the following issues: The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Bug fixes : - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) More details can be found in the PostgreSQL release announcements : - https://www.postgresql.org/docs/9.3/static/release-9-3-17.html - https://www.postgresql.org/docs/9.3/static/release-9-3-16.html - https://www.postgresql.org/docs/9.3/static/release-9-3-15.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 100538 published 2017-05-31 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100538 title SUSE SLES12 Security Update : postgresql93 (SUSE-SU-2017:1441-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:1441-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(100538); script_version("3.11"); script_cvs_date("Date: 2019/09/11 11:22:15"); script_cve_id("CVE-2017-7484", "CVE-2017-7485", "CVE-2017-7486"); script_name(english:"SUSE SLES12 Security Update : postgresql93 (SUSE-SU-2017:1441-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for postgresql93 fixes the following issues: The PostgreSQL package was updated to 9.3.17, bringing various bug and security fixes. Bug fixes : - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) More details can be found in the PostgreSQL release announcements : - https://www.postgresql.org/docs/9.3/static/release-9-3-17.html - https://www.postgresql.org/docs/9.3/static/release-9-3-16.html - https://www.postgresql.org/docs/9.3/static/release-9-3-15.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029547" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1037603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1037624" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1038293" ); # https://www.postgresql.org/docs/9.3/static/release-9-3-15.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.3/release-9-3-15.html" ); # https://www.postgresql.org/docs/9.3/static/release-9-3-16.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.3/release-9-3-16.html" ); # https://www.postgresql.org/docs/9.3/static/release-9-3-17.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.3/release-9-3-17.html" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7484/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7485/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-7486/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20171441-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b83f04d9" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 12:zypper in -t patch SUSE-SLE-SAP-12-2017-881=1 SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2017-881=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-contrib-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:postgresql93-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/12"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-9.3.17-24.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-contrib-9.3.17-24.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-contrib-debuginfo-9.3.17-24.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-debuginfo-9.3.17-24.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-debugsource-9.3.17-24.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-server-9.3.17-24.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"postgresql93-server-debuginfo-9.3.17-24.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql93"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-770.NASL description This update for postgresql94 to 9.4.12 fixes the following issues : Upstream changelogs : - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases See the upstream release notes for details. - CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12 : - Build corruption with CREATE INDEX CONCURRENTLY - Fixes for visibility and write-ahead-log stability Changes in version 9.4.10 : - Fix WAL-logging of truncation of relation free space maps and visibility maps - Fix incorrect creation of GIN index WAL records on big-endian machines - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction - Fix EvalPlanQual rechecks involving CTE scans - Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2017-07-05 plugin id 101220 published 2017-07-05 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101220 title openSUSE Security Update : postgresql94 (openSUSE-2017-770) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-770. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(101220); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-7484", "CVE-2017-7485", "CVE-2017-7486"); script_name(english:"openSUSE Security Update : postgresql94 (openSUSE-2017-770)"); script_summary(english:"Check for the openSUSE-2017-770 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for postgresql94 to 9.4.12 fixes the following issues : Upstream changelogs : - https://www.postgresql.org/docs/9.4/static/release-9-4-12.html - https://www.postgresql.org/docs/9.4/static/release-9-4-11.html - https://www.postgresql.org/docs/9.4/static/release-9-4-10.html Security issues fixed : - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) Please note that manual action is needed to fix this in existing databases See the upstream release notes for details. - CVE-2017-7485: recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Changes in version 9.4.12 : - Build corruption with CREATE INDEX CONCURRENTLY - Fixes for visibility and write-ahead-log stability Changes in version 9.4.10 : - Fix WAL-logging of truncation of relation free space maps and visibility maps - Fix incorrect creation of GIN index WAL records on big-endian machines - Fix SELECT FOR UPDATE/SHARE to correctly lock tuples that have been updated by a subsequently-aborted transaction - Fix EvalPlanQual rechecks involving CTE scans - Fix improper repetition of previous results from hashed aggregation in a subquery The libraries libpq and libecpg are now supplied by postgresql 9.6. This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1037603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1037624" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038293" ); # https://www.postgresql.org/docs/9.4/static/release-9-4-10.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.4/release-9-4-10.html" ); # https://www.postgresql.org/docs/9.4/static/release-9-4-11.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.4/release-9-4-11.html" ); # https://www.postgresql.org/docs/9.4/static/release-9-4-12.html script_set_attribute( attribute:"see_also", value:"https://www.postgresql.org/docs/9.4/release-9-4-12.html" ); script_set_attribute( attribute:"solution", value:"Update the affected postgresql94 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-contrib-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-libs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-plperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-plperl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-plpython"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-plpython-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-pltcl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-pltcl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:postgresql94-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-contrib-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-contrib-debuginfo-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-debuginfo-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-debugsource-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-devel-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-devel-debuginfo-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-libs-debugsource-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-plperl-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-plperl-debuginfo-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-plpython-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-plpython-debuginfo-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-pltcl-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-pltcl-debuginfo-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-server-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-server-debuginfo-9.4.12-9.6.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"postgresql94-test-9.4.12-9.6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql94-devel / postgresql94-devel-debuginfo / etc"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3851.NASL description Several vulnerabilities have been found in the PostgreSQL database system : - CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. - CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection. - CVE-2017-7486 Andrew Wheelwright discovered that user mappings were insufficiently restricted. last seen 2020-06-01 modified 2020-06-02 plugin id 100165 published 2017-05-15 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100165 title Debian DSA-3851-1 : postgresql-9.4 - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3851. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(100165); script_version("3.11"); script_cvs_date("Date: 2018/11/10 11:49:38"); script_cve_id("CVE-2017-7484", "CVE-2017-7485", "CVE-2017-7486"); script_xref(name:"DSA", value:"3851"); script_name(english:"Debian DSA-3851-1 : postgresql-9.4 - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been found in the PostgreSQL database system : - CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. - CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection. - CVE-2017-7486 Andrew Wheelwright discovered that user mappings were insufficiently restricted." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-7484" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-7485" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2017-7486" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/postgresql-9.4" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2017/dsa-3851" ); script_set_attribute( attribute:"solution", value: "Upgrade the postgresql-9.4 packages. For the stable distribution (jessie), these problems have been fixed in version 9.4.12-0+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:postgresql-9.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libecpg-compat3", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libecpg-dev", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libecpg6", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libpgtypes3", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libpq-dev", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libpq5", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-9.4-dbg", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-client-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-contrib-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-doc-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-plperl-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-plpython-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-plpython3-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-pltcl-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"postgresql-server-dev-9.4", reference:"9.4.12-0+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1838.NASL description An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This update applies only to Satellite 5.8 instances using either embedded or managed PostgreSQL databases. There are manual steps required in order to finish the migration from postgresql92-postgresql to rh-postgresql95-postgresql. If these steps are not undertaken, the affected Satellite will continue to use PostgreSQL 9.2. postgresql92-postgresql will be upgraded automatically to rh-postgresql95-postgresql as part of an upgrade to Satellite 5.8. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es) : * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) * It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485) * It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; Daniel Gustafsson as the original reporter of CVE-2017-7485; and Andrew Wheelwright as the original reporter of CVE-2017-7486. last seen 2020-06-01 modified 2020-06-02 plugin id 102142 published 2017-08-03 reporter This script is Copyright (C) 2017-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102142 title RHEL 5 : rh-postgresql95-postgresql (RHSA-2017:1838) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:1838. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(102142); script_version("3.8"); script_cvs_date("Date: 2019/10/24 15:35:43"); script_cve_id("CVE-2017-7484", "CVE-2017-7485", "CVE-2017-7486"); script_xref(name:"RHSA", value:"2017:1838"); script_name(english:"RHEL 5 : rh-postgresql95-postgresql (RHSA-2017:1838)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This update applies only to Satellite 5.8 instances using either embedded or managed PostgreSQL databases. There are manual steps required in order to finish the migration from postgresql92-postgresql to rh-postgresql95-postgresql. If these steps are not undertaken, the affected Satellite will continue to use PostgreSQL 9.2. postgresql92-postgresql will be upgraded automatically to rh-postgresql95-postgresql as part of an upgrade to Satellite 5.8. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es) : * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484) * It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2017-7485) * It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; Daniel Gustafsson as the original reporter of CVE-2017-7485; and Andrew Wheelwright as the original reporter of CVE-2017-7486." ); script_set_attribute( attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2017-1838.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2017-7484.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2017-7485.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2017-7486.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-postgresql95-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-postgresql95-postgresql-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-postgresql95-postgresql-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-postgresql95-postgresql-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-postgresql95-postgresql-pltcl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-postgresql95-postgresql-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.8"); script_set_attribute(attribute:"patch_publication_date", value:"2017/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 Tenable Network Security, Inc."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^5\.8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.8", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2017:1838"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", sp:"8", cpu:"s390x", reference:"rh-postgresql95-postgresql-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"x86_64", reference:"rh-postgresql95-postgresql-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"s390x", reference:"rh-postgresql95-postgresql-contrib-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"x86_64", reference:"rh-postgresql95-postgresql-contrib-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"s390x", reference:"rh-postgresql95-postgresql-debuginfo-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"x86_64", reference:"rh-postgresql95-postgresql-debuginfo-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"s390x", reference:"rh-postgresql95-postgresql-libs-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"x86_64", reference:"rh-postgresql95-postgresql-libs-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"s390x", reference:"rh-postgresql95-postgresql-pltcl-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"x86_64", reference:"rh-postgresql95-postgresql-pltcl-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"s390x", reference:"rh-postgresql95-postgresql-server-9.5.7-2.el6")) flag++; if (rpm_check(release:"RHEL5", sp:"8", cpu:"x86_64", reference:"rh-postgresql95-postgresql-server-9.5.7-2.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rh-postgresql95-postgresql / rh-postgresql95-postgresql-contrib / etc"); } }NASL family Databases NASL id POSTGRESQL_20170511.NASL description The version of PostgreSQL installed on the remote host is 9.2.x prior to 9.2.21, 9.3.x prior to 9.3.17, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.7, or 9.6.x prior to 9.6.3. It is, therefore, affected by multiple vulnerabilities : - A information disclosure vulnerability exists in unspecified selectivity estimation functions due to improper checking of user privileges before providing information from pg_statistics. An authenticated, remote attacker can exploit this to disclose potentially sensitive information from restricted tables. (CVE-2017-7484) - A flaw exists because the PGREQUIRESSL environment variable setting is not properly honored, which results in a failure to require appropriate SSL/TLS connections. A man-in-the-middle attacker can exploit this to cause an insecure, non-SSL/TLS connection between a client and and a server. Note that version 9.2.x is not affected by this vulnerability. (CVE-2017-7485) - A information disclosure vulnerability exists in the pg_user_mappings view that allows access to user mappings which may contain passwords that have persisted from the CREATE USER MAPPING command. An authenticated, remote attacker who has USAGE privilege on the associated foreign server can exploit this to disclose foreign server passwords. (CVE-2017-7486) last seen 2020-06-01 modified 2020-06-02 plugin id 100260 published 2017-05-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100260 title PostgreSQL 9.2.x < 9.2.21 / 9.3.x < 9.3.17 / 9.4.x < 9.4.12 / 9.5.x < 9.5.7 / 9.6.x < 9.6.3 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc # include("compat.inc"); if (description) { script_id(100260); script_version("1.14"); script_cvs_date("Date: 2019/11/13"); script_cve_id("CVE-2017-7484", "CVE-2017-7485", "CVE-2017-7486"); script_bugtraq_id(98459, 98460, 98461); script_name(english:"PostgreSQL 9.2.x < 9.2.21 / 9.3.x < 9.3.17 / 9.4.x < 9.4.12 / 9.5.x < 9.5.7 / 9.6.x < 9.6.3 Multiple Vulnerabilities"); script_summary(english:"Checks the version of PostgreSQL."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of PostgreSQL installed on the remote host is 9.2.x prior to 9.2.21, 9.3.x prior to 9.3.17, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.7, or 9.6.x prior to 9.6.3. It is, therefore, affected by multiple vulnerabilities : - A information disclosure vulnerability exists in unspecified selectivity estimation functions due to improper checking of user privileges before providing information from pg_statistics. An authenticated, remote attacker can exploit this to disclose potentially sensitive information from restricted tables. (CVE-2017-7484) - A flaw exists because the PGREQUIRESSL environment variable setting is not properly honored, which results in a failure to require appropriate SSL/TLS connections. A man-in-the-middle attacker can exploit this to cause an insecure, non-SSL/TLS connection between a client and and a server. Note that version 9.2.x is not affected by this vulnerability. (CVE-2017-7485) - A information disclosure vulnerability exists in the pg_user_mappings view that allows access to user mappings which may contain passwords that have persisted from the CREATE USER MAPPING command. An authenticated, remote attacker who has USAGE privilege on the associated foreign server can exploit this to disclose foreign server passwords. (CVE-2017-7486)"); script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/about/news/1746/"); script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/current/static/release-9-2-21.html"); script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/current/release-9-3-17.html"); script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/current/release-9-4-12.html"); script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/current/release-9-5-7.html"); script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/current/release-9-6-3.html"); script_set_attribute(attribute:"solution", value: "Upgrade to PostgreSQL version 9.2.21 / 9.3.17 / 9.4.12 / 9.5.7 / 9.6.3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7486"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:postgresql"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("postgresql_version.nbin"); script_require_ports("Services/postgresql", 5432); exit(0); } include("vcf.inc"); include("vcf_extras.inc"); include("backport.inc"); port = get_service(svc:"postgresql", default:5432, exit_on_fail:TRUE); kb_backported = NULL; version = get_kb_item_or_exit('database/'+port+'/postgresql/version'); source = get_kb_item_or_exit('database/'+port+'/postgresql/source'); kb_base = "database/"+port+"/postgresql/"; get_backport_banner(banner:source); if (backported) { if (report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, 'PostgreSQL server'); kb_backported = kb_base +"backported"; } app_info = vcf::get_app_info(app:"PostgreSQL", port:port, kb_ver:kb_base+"version", kb_backport:kb_backported, service:TRUE); # 9.2.21 / 9.3.17 / 9.4.12 / 9.5.7 / 9.6.3 constraints = [ { "min_version" : "9.2", "fixed_version" : "9.2.21" }, { "min_version" : "9.3", "fixed_version" : "9.3.17" }, { "min_version" : "9.4", "fixed_version" : "9.4.12" }, { "min_version" : "9.5", "fixed_version" : "9.5.7" }, { "min_version" : "9.6", "fixed_version" : "9.6.3" } ]; vcf::postgresql::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201710-06.NASL description The remote host is affected by the vulnerability described in GLSA-201710-06 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the referenced CVE identifiers for details. Impact : A remote attacker could escalate privileges, cause a Denial of Service condition, obtain passwords, cause a loss in information, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 103724 published 2017-10-09 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103724 title GLSA-201710-06 : PostgreSQL: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_414C18BF365311E795506CC21735F730.NASL description The PostgreSQL project reports : Security Fixes nested CASE expressions + database and role names with embedded special characters - CVE-2017-7484: selectivity estimators bypass SELECT privilege checks. - CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable - CVE-2017-7486: pg_user_mappings view discloses foreign server passwords. This applies to new databases, see the release notes for the procedure to apply the fix to an existing database. last seen 2020-06-01 modified 2020-06-02 plugin id 100141 published 2017-05-12 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100141 title FreeBSD : PostgreSQL vulnerabilities (414c18bf-3653-11e7-9550-6cc21735f730) NASL family Fedora Local Security Checks NASL id FEDORA_2017-0D5817EFC0.NASL description Fixes CVE-2017-7484 CVE-2017-7485 CVE-2017-7486. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101572 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101572 title Fedora 26 : mingw-postgresql (2017-0d5817efc0) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1783-1.NASL description This update for postgresql93 fixes the following issues : - bsc#1029547: Fix tests with timezone 2017a - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624) - CVE-2017-7485: Recognize PGREQUIRESSL variable again. (bsc#1038293) - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101260 published 2017-07-06 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101260 title SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2017:1783-1)
Redhat
| advisories |
| ||||||||||||||||
| rpms |
|
References
- http://www.debian.org/security/2017/dsa-3851
- http://www.securityfocus.com/bid/98461
- http://www.securitytracker.com/id/1038476
- https://access.redhat.com/errata/RHSA-2017:1677
- https://access.redhat.com/errata/RHSA-2017:1678
- https://access.redhat.com/errata/RHSA-2017:1838
- https://access.redhat.com/errata/RHSA-2017:2425
- https://security.gentoo.org/glsa/201710-06
- https://www.postgresql.org/about/news/1746/