Vulnerabilities > CVE-2019-10209 - Out-of-bounds Read vulnerability in Postgresql

047910
CVSS 2.2 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
high complexity
postgresql
CWE-125
nessus

Summary

Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4090-1.NASL
    descriptionTom Lane discovered that PostgreSQL did not properly restrict functions declared as
    last seen2020-06-01
    modified2020-06-02
    plugin id127806
    published2019-08-12
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127806
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities (USN-4090-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4090-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127806);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2019-10208", "CVE-2019-10209");
      script_xref(name:"USN", value:"4090-1");
      script_xref(name:"IAVB", value:"2019-B-0072");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities (USN-4090-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Tom Lane discovered that PostgreSQL did not properly restrict
    functions declared as 'SECURITY DEFINER'. An attacker could use this
    to execute arbitrary SQL with the permissions of the function owner.
    (CVE-2019-10208)
    
    Andreas Seltenreich discovered that PostgreSQL did not properly handle
    user-defined hash equality operators. An attacker could use this to
    expose sensitive information (arbitrary PostgreSQL server memory).
    This issue only affected Ubuntu 19.04. (CVE-2019-10209).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4090-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected postgresql-10, postgresql-11 and / or
    postgresql-9.5 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-9.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"postgresql-9.5", pkgver:"9.5.19-0ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"postgresql-10", pkgver:"10.10-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"postgresql-11", pkgver:"11.5-0ubuntu0.19.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql-10 / postgresql-11 / postgresql-9.5");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-5FBBF73269.NASL
    descriptionNew upstream release 10.10 Per release notes: https://www.postgresql.org/docs/11/release-10-10.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127934
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127934
    titleFedora 29 : postgresql (2019-5fbbf73269)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-5fbbf73269.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127934);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2019-10208", "CVE-2019-10209", "CVE-2019-10211");
      script_xref(name:"FEDORA", value:"2019-5fbbf73269");
    
      script_name(english:"Fedora 29 : postgresql (2019-5fbbf73269)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New upstream release 10.10
    
    Per release notes:
    https://www.postgresql.org/docs/11/release-10-10.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5fbbf73269"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/docs/11/release-10-10.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected postgresql package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"postgresql-10.10-1.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
    }
    
  • NASL familyDatabases
    NASL idPOSTGRESQL_20190809.NASL
    descriptionThe version of PostgreSQL installed on the remote host is 11.x prior to 11.5. It is, therefore, affected by a memory disclosure vulnerability that allows an attacker to read arbitrary bytes of server memory.
    last seen2020-06-01
    modified2020-06-02
    plugin id127906
    published2019-08-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127906
    titlePostgreSQL 11.x < 11.5 Memory disclosure in cross-type comparison for hashed subplan
    code
    #
    # (C) Tenable Network Security, Inc
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127906);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/31 15:18:51");
    
      script_cve_id("CVE-2019-10209");
      script_xref(name:"IAVB", value:"2019-B-0072");
    
      script_name(english:"PostgreSQL 11.x < 11.5 Memory disclosure in cross-type comparison for hashed subplan");
      script_summary(english:"Checks the version of PostgreSQL.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of PostgreSQL installed on the remote host is 11.x prior
    to 11.5. It is, therefore, affected by a memory disclosure
    vulnerability that allows an attacker to read arbitrary bytes of
    server memory.");
      script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/about/news/1960/");
      script_set_attribute(attribute:"see_also", value:"https://www.postgresql.org/docs/11/release-11-5.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to PostgreSQL version 11.5 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10209");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:postgresql");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("postgresql_version.nbin");
      script_require_ports("Services/postgresql", 5432);
    
      exit(0);
    }
    
    include('vcf.inc');
    include('backport.inc');
    
    app = 'PostgreSQL';
    port = get_service(svc:'postgresql', default:5432, exit_on_fail:TRUE);
    kb_base = 'database/' + port + '/postgresql/';
    kb_ver = kb_base + 'version';
    get_kb_item_or_exit(kb_ver);
    
    kb_backport = NULL;
    source = get_kb_item_or_exit(kb_base + 'source');
    get_backport_banner(banner:source);
    if (backported) kb_backport = kb_base + 'backported';
    
    app_info = vcf::get_app_info(app:app, port:port, kb_ver:kb_ver, kb_backport:kb_backport, service:TRUE);
    
    constraints = [
      { 'min_version' : '11.0', 'fixed_version' : '11.5' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9DE4C1C1B9EE11E982AA6CC21735F730.NASL
    descriptionThe PostgreSQL project reports : Versions Affected: 9.4 - 11 Given a suitable `SECURITY DEFINER` function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires `EXECUTE` permission on the function, which must itself contain a function call having inexact argument type match. For example, `length(
    last seen2020-06-01
    modified2020-06-02
    plugin id127549
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127549
    titleFreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2020 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127549);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-10208", "CVE-2019-10209");
      script_xref(name:"IAVB", value:"2019-B-0072");
    
      script_name(english:"FreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The PostgreSQL project reports :
    
    Versions Affected: 9.4 - 11
    
    Given a suitable `SECURITY DEFINER` function, an attacker can execute
    arbitrary SQL under the identity of the function owner. An attack
    requires `EXECUTE` permission on the function, which must itself
    contain a function call having inexact argument type match. For
    example, `length('foo'::varchar)` and `length('foo')` are inexact,
    while `length('foo'::text)` is exact. As part of exploiting this
    vulnerability, the attacker uses `CREATE DOMAIN` to create a type in a
    `pg_temp` schema. The attack pattern and fix are similar to that for
    CVE-2007-2138.
    
    Writing `SECURITY DEFINER` functions continues to require following
    the considerations noted in the documentation :
    
    https://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREA
    TEFUNCTION-SECURITY
    
    Versions Affected: 11
    
    In a database containing hypothetical, user-defined hash equality
    operators, an attacker could read arbitrary bytes of server memory.
    For an attack to become possible, a superuser would need to create
    unusual operators. It is possible for operators not purpose-crafted
    for attack to have the properties that enable an attack, but we are
    not aware of specific examples."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/about/news/1960/"
      );
      # https://vuxml.freebsd.org/freebsd/9de4c1c1-b9ee-11e9-82aa-6cc21735f730.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a61e8eba"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql10-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql11-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql94-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql95-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql96-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"postgresql11-server<11.5")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql10-server<10.10")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql96-server<9.6.15")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql95-server<9.5.19")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql94-server<9.4.24")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-986FCE48B4.NASL
    descriptionNew upstream release 11.5 Per release notes: https://www.postgresql.org/docs/11/release-11-5.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127939
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127939
    titleFedora 30 : libpq / postgresql (2019-986fce48b4)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4493.NASL
    descriptionTwo security issues have been discovered in the PostgreSQL database system, which could result in privilege escalation, denial of service or memory disclosure. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1960/
    last seen2020-06-01
    modified2020-06-02
    plugin id127489
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127489
    titleDebian DSA-4493-1 : postgresql-11 - security update