Test ID: | 1.3.6.1.4.1.25623.1.0.100400 |
Category: | Databases |
Title: | PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability |
Summary: | PostgreSQL is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. PostgreSQL is also prone to a local privilege-escalation vulnerability. |
Description: |
Summary: PostgreSQL is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. PostgreSQL is also prone to a local privilege-escalation vulnerability.
Vulnerability Impact: Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Exploiting the privilege-escalation vulnerability allows local attackers to gain elevated privileges.
Affected Software/OS: PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and 7.4.27 are vulnerable to this issue.
Solution: Updates are available. Please see the references for more information.
CVSS Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross-Reference: |
BugTraq ID: 37334
BugTraq ID: 37333
Common Vulnerability Exposure (CVE) ID: CVE-2009-4034
http://www.securityfocus.com/bid/37334
Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server
http://www.securityfocus.com/archive/1/509917/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html
HP Security Advisory: HPSBMU02781
http://marc.info/?l=bugtraq&m=134124585221119&w=2
HP Security Advisory: SSRT100617
http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
http://osvdb.org/61038
http://www.securitytracker.com/id?1023325
http://secunia.com/advisories/37663
SuSE Security Announcement: SUSE-SR:2010:001
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://www.vupen.com/english/advisories/2009/3519
Common Vulnerability Exposure (CVE) ID: CVE-2009-4136
http://www.securityfocus.com/bid/37333
http://osvdb.org/61039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://www.securitytracker.com/id?1023326
http://secunia.com/advisories/39820
http://www.vupen.com/english/advisories/2010/1197 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |