Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN6-1 : postgresql contributed script vulnerability Vulnerability Scan

Vulnerability Scan Summary
postgresql contributed script vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libecpg-dev
- libecpg4
- libpgtcl
- libpgtcl-dev
- libpq3
- postgresql
- postgresql-client
- postgresql-contrib
- postgresql-dev
- postgresql-doc

Description :

Recently, Trustix Secure Linux discovered a vulnerability in the
postgresql-contrib package. The script "make_oidjoins_check" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the rights of the user
invoking the script.

Solution :

Upgrade to :
- libecpg-dev-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- libecpg4-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- libpgtcl-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- libpgtcl-dev-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- libpq3-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-client-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-contrib-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-dev-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-doc-7.4.5-3ubuntu0.1 (Ubuntu 4.10)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.