NASLDB: RHSA-2002-301: postgresql
General
ID: 12343
Name: RHSA-2002-301: postgresql
Summary: Check for the version of the postgresql packages
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –
Port: 0
Family: Red Hat Local Security Checks
Type: Local
Description
Updated PostgreSQL packages are available which correct
several minor security vulnerabilities.
[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1
PostgreSQL is an advanced Object-Relational database management system
(DBMS). Red Hat Linux Advanced Server 2.1 shipped with PostgreSQL version
7.1.3 which has several security vulnerabilities.
Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of
service and possibly execute arbitrary code via long arguments to the lpad
or rpad functions. CAN-2002-0972
Buffer overflow in the cash_words() function for PostgreSQL 7.2 and
earlier allows local users to cause a denial of service and possibly
execute arbitrary code via a malformed argument. CAN-2002-1397
Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows
attackers to cause a denial of service and possibly execute arbitrary
code via a long date string, referred to as a vulnerability "in handling
long datetime input." CAN-2002-1398
Heap-based buffer overflow in the repeat() function for PostgreSQL
before 7.2.2 allows attackers to execute arbitrary code by causing
repeat() to generate a large string. CAN-2002-1400
Buffer overflows in circle_poly, path_encode, and path_add allow attackers
to cause a denial of service and possibly execute arbitrary code. Note
that these issues have been fixed in our packages and in PostgreSQL CVS,
but are not included in PostgreSQL version 7.2.2 or 7.2.3. CAN-2002-1401
Buffer overflows in the TZ and SET TIME ZONE enivronment variables for
PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service
and possibly execute arbitrary code. CAN-2002-1402
Note that these vulnerabilities are only critical on open or shared systems
because connecting to the database is required before the vulnerabilities
can be exploited.
The PostgreSQL Global Development Team has released versions of PostgreSQL
that fix these vulnerabilities, and these fixes have been isolated and
backported into the updated 7.1.3 packages provided with this errata.
All users of Red Hat Linux Advanced Server 2.1 who use PostgreSQL are
advised to install these updated packages.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2002-0972
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2004/07/06
Plugin
Version: 1.12
Filename: redhat-RHSA-2002-301.nasl
Filesize: 5020 bytes
MD5 Hash: 78cd443a305743f2e71bf21fbb137ff5
Identification: Host/RedHat/rpm-list
Require Keys: Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright© 2004-2011 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack