Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN258-1 : postgresql-7.4, postgresql-8.0, postgresql vulnerability Vulnerability Scan


Vulnerability Scan Summary
postgresql-7.4, postgresql-8.0, postgresql vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libecpg-compat2
- libecpg-dev
- libecpg4
- libecpg5
- libpgtcl
- libpgtcl-dev
- libpgtypes2
- libpq-dev
- libpq3
- libpq4
- postgresql
- postgresql-7.4
- postgresql-8.0
- postgresql-client
- postgresql-client-7.4
- postgresql-client-8.0
- postgresql-contrib
- postgresql-contrib-7.4
- postgresql-contrib-8.0
- postgresql-dev
- postgresql-doc
- postgresql-doc-7.4
- postgresql-doc-8.0
- postgresql-plperl-7.4
- postgresql-plperl-8.0
[...]

Description :

Akio Ishida discovered that the SET SESSION AUTHORIZATION command did
not properly verify the validity of its argument. An authenticated
PostgreSQL user could exploit this to crash the server.

However, this does not affect the official binary Ubuntu packages. The
crash can only be triggered if the source package is rebuilt with
assertions enabled (which is not the case in the official binary
packages).

Solution :

Upgrade to :
- libecpg-compat2-8.0.3-15ubuntu2.1 (Ubuntu 5.04)
- libecpg-dev-8.0.3-15ubuntu2.1 (Ubuntu 5.04)
- libecpg4-7.4.7-2ubuntu2.2 (Ubuntu 5.04)
- libecpg5-8.0.3-15ubuntu2.1 (Ubuntu 5.04)
- libpgtcl-7.4.7-2ubuntu2.2 (Ubuntu 5.04)
- libpgtcl-dev-7.4.7-2ubuntu2.2 (Ubuntu 5.04)
- libpgtypes2-8.0.3-15ubuntu2.1 (Ubuntu 5.04)
- libpq-dev-8.0.3-15ubuntu2.1 (Ubuntu 5.04)
- libpq3-7.4.8-17ubuntu1.1 (Ubuntu 5.04)
- libpq4-8.0.3-15ubuntu2.1 (Ubuntu 5.04)
- postgresql-7.4.7-2ubuntu2.2 (Ubuntu 5.04)
- postgresql
[...]


Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.