Databases : PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities (Windows)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803219

Categoría: Databases

Título: PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities (Windows)

Resumen: This host is installed with PostgreSQL and is prone to multiple; vulnerabilities.

Descripción: Summary:
This host is installed with PostgreSQL and is prone to multiple
vulnerabilities.

Vulnerability Insight:
- An error exists within the 'xml_parse()' function when parsing DTD data
within XML documents.

- An error exists within the 'xslt_process()' when parsing XSLT style sheets.

Vulnerability Impact:
Successful exploitation will allow attacker to modify data, obtain sensitive
information or trigger outbound traffic to arbitrary external hosts.

Affected Software/OS:
PostgreSQL versions 8.3 before 8.3.20, 8.4 before 8.4.13,
9.0 before 9.0.9, and 9.1 before 9.1.5 on Windows.

Solution:
Upgrade to PostgreSQL 8.3.20, 8.4.13, 9.0.9 or 9.1.5 or later.

CVSS Score:
4.9

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:N

Referencia Cruzada: BugTraq ID: 55072
BugTraq ID: 55074
Common Vulnerability Exposure (CVE) ID: CVE-2012-3488
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
http://www.securityfocus.com/bid/55072
Debian Security Information: DSA-2534 (Google Search)
http://www.debian.org/security/2012/dsa-2534
http://www.mandriva.com/security/advisories?name=MDVSA-2012:139
RedHat Security Advisories: RHSA-2012:1263
http://rhn.redhat.com/errata/RHSA-2012-1263.html
RedHat Security Advisories: RHSA-2012:1264
http://rhn.redhat.com/errata/RHSA-2012-1264.html
http://secunia.com/advisories/50635
http://secunia.com/advisories/50636
http://secunia.com/advisories/50718
http://secunia.com/advisories/50859
http://secunia.com/advisories/50946
SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
http://www.ubuntu.com/usn/USN-1542-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3489
http://www.securityfocus.com/bid/55074

Copyright Copyright (C) 2013 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803219
Categoría:	Databases
Título:	PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities (Windows)
Resumen:	This host is installed with PostgreSQL and is prone to multiple; vulnerabilities.
Descripción:	Summary: This host is installed with PostgreSQL and is prone to multiple vulnerabilities. Vulnerability Insight: - An error exists within the 'xml_parse()' function when parsing DTD data within XML documents. - An error exists within the 'xslt_process()' when parsing XSLT style sheets. Vulnerability Impact: Successful exploitation will allow attacker to modify data, obtain sensitive information or trigger outbound traffic to arbitrary external hosts. Affected Software/OS: PostgreSQL versions 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 on Windows. Solution: Upgrade to PostgreSQL 8.3.20, 8.4.13, 9.0.9 or 9.1.5 or later. CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Referencia Cruzada:	BugTraq ID: 55072 BugTraq ID: 55074 Common Vulnerability Exposure (CVE) ID: CVE-2012-3488 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://www.securityfocus.com/bid/55072 Debian Security Information: DSA-2534 (Google Search) http://www.debian.org/security/2012/dsa-2534 http://www.mandriva.com/security/advisories?name=MDVSA-2012:139 RedHat Security Advisories: RHSA-2012:1263 http://rhn.redhat.com/errata/RHSA-2012-1263.html RedHat Security Advisories: RHSA-2012:1264 http://rhn.redhat.com/errata/RHSA-2012-1264.html http://secunia.com/advisories/50635 http://secunia.com/advisories/50636 http://secunia.com/advisories/50718 http://secunia.com/advisories/50859 http://secunia.com/advisories/50946 SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html http://www.ubuntu.com/usn/USN-1542-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3489 http://www.securityfocus.com/bid/55074
Copyright	Copyright (C) 2013 Greenbone Networks GmbH