|
Family: Databases --> Category: infos
PostgreSQL Character Conversion and Tsearch2 Module Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for character conversion and tsearch2 module vulnerabilities in PostgreSQL
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote database server is affected by multiple vulnerabilities.
Description :
According to its banner, the version of PostgreSQL installed on the
remote host may suffer from the following vulnerabilities :
- Character Conversion Vulnerability
Unprivileged users can call functions supporting client-
server character set conversion from SQL commands even
though those functions do not validate their arguments.
- tsearch2 Vulnerability
If installed, the 'contrib/tsearch2' module permits users
to at a minimum crash the backend because it misdeclares
several functions as returning type 'internal' when in
fact they do not have any 'internal' argument.
See also:
http://www.postgresql.org/about/news.315
http://developer.postgresql.org/docs/postgres/release-8-0-3.html
Solution :
Implement the changes described in the PostgreSQL advisory.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|