Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN288-1 : postgresql-7.4/-8.0, postgresql, psycopg, Vulnerability Scan


Vulnerability Scan Summary
postgresql-7.4/-8.0, postgresql, psycopg

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libecpg-compat2
- libecpg-dev
- libecpg4
- libecpg5
- libpgtcl
- libpgtcl-dev
- libpgtypes2
- libpq-dev
- libpq3
- libpq4
- postgresql
- postgresql-7.4
- postgresql-8.0
- postgresql-client
- postgresql-client-7.4
- postgresql-client-8.0
- postgresql-contrib
- postgresql-contrib-7.4
- postgresql-contrib-8.0
- postgresql-dev
- postgresql-doc
- postgresql-doc-7.4
- postgresql-doc-8.0
- postgresql-plperl-7.4
- postgresql-plperl-8.0
[...]

Description :

CVE-2006-2313:
Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of
invalidly-encoded multibyte text data. If a client application
processed untrusted input without respecting its encoding and applied
standard string escaping techniques (such as replacing a single quote
>>'<< with >>\'<< or >>''<<), the PostgreSQL server could interpret the
resulting string in a way that allowed an attacker to inject arbitrary
SQL commands into the resulting SQL query. The PostgreSQL server has
been modified to reject such invalidly encoded strings now, which
completely fixes the problem for some 'safe' multibyte encodings like
UTF-8.

CVE-2006-2314:
However, there are some less popular and client-only multibyte
encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain
valid multibyte characters that end with the byte 0x5c, which is the
representation of the backslash character >>\<< in ASCII. Many client
libraries and applications use the non-standard, but pop
[...]

Solution :

Upgrade to :
- libecpg-compat2-8.0.3-15ubuntu2.2 (Ubuntu 5.10)
- libecpg-dev-8.0.3-15ubuntu2.2 (Ubuntu 5.10)
- libecpg4-7.4.7-2ubuntu2.3 (Ubuntu 5.04)
- libecpg5-8.0.3-15ubuntu2.2 (Ubuntu 5.10)
- libpgtcl-7.4.7-2ubuntu2.3 (Ubuntu 5.04)
- libpgtcl-dev-7.4.7-2ubuntu2.3 (Ubuntu 5.04)
- libpgtypes2-8.0.3-15ubuntu2.2 (Ubuntu 5.10)
- libpq-dev-8.0.3-15ubuntu2.2 (Ubuntu 5.10)
- libpq3-7.4.8-17ubuntu1.3 (Ubuntu 5.10)
- libpq4-8.0.3-15ubuntu2.2 (Ubuntu 5.10)
- postgresql-7.4.7-2ubuntu2.3 (Ubuntu 5.04)
- postgresql
[...]


Threat Level: High



VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
