Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Databases --> Category: infos

PostgreSQL Character Conversion and Tsearch2 Module Vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
Checks for character conversion and tsearch2 module vulnerabilities in PostgreSQL

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of PostgreSQL installed on the
remote host may suffer from the following vulnerabilities :

- Character Conversion Vulnerability
Unprivileged users can call functions supporting client-
server character set conversion from SQL commands even
though those functions do not validate their arguments.

- tsearch2 Vulnerability
If installed, the 'contrib/tsearch2' module permits users
to at a minimum crash the backend because it misdeclares
several functions as returning type 'internal' when in
fact they do not have any 'internal' argument.

See also:

http://www.postgresql.org/about/news.315
http://developer.postgresql.org/docs/postgres/release-8-0-3.html

Solution :

Implement the changes described in the PostgreSQL advisory.

Threat Level:

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:R/C:P/A:P/I:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.