
Test ID: 1.3.6.1.4.1.25623.1.0.51669
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:150
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2005:150.

PostgreSQL is an advanced Object-Relational database management system
(DBMS).

A flaw in the LOAD command in PostgreSQL was discovered. A local user
could use this flaw to load arbitrary shared libraries and therefore
execute arbitrary code, gaining the privileges of the PostgreSQL server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0227 to this issue.

Multiple buffer overflows were found in PL/PgSQL. A database user who has
permissions to create plpgsql functions could trigger this flaw which could
lead to arbitrary code execution, gaining the privileges of the PostgreSQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2005-0245 and CVE-2005-0247 to these issues.

Users of PostgreSQL are advised to update to these erratum packages which
are not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-150.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0247

Risk factor : High

CVSS Score:
7.5

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-0227
BugTraq ID: 12411
http://www.securityfocus.com/bid/12411
Bugtraq: 20050201 [USN-71-1] PostgreSQL vulnerability
http://marc.info/?l=bugtraq&m=110726899107148&w=2
Debian Security Information: DSA-668
http://www.debian.org/security/2005/dsa-668
http://security.gentoo.org/glsa/glsa-200502-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234
http://www.redhat.com/support/errata/RHSA-2005-138.html
http://www.redhat.com/support/errata/RHSA-2005-150.html
http://secunia.com/advisories/12948
SuSE Security Announcement: SUSE-SA:2005:036
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
http://www.trustix.org/errata/2005/0003/
Common Vulnerability Exposure (CVE) ID: CVE-2005-0245
BugTraq ID: 12417
http://www.securityfocus.com/bid/12417
Bugtraq: 20050210 [USN-79-1] PostgreSQL vulnerabilities
http://marc.info/?l=bugtraq&m=110806034116082&w=2
Debian Security Information: DSA-683
http://www.debian.org/security/2005/dsa-683
http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10175
XForce ISS Database: postgresql-cursor-bo(19188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19188
Common Vulnerability Exposure (CVE) ID: CVE-2005-0247
http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9345
SuSE Security Announcement: SUSE-SA:2005:027
http://www.novell.com/linux/security/advisories/2005_27_postgresql.html
XForce ISS Database: postgresql-fetch-makefetchstmt-bo(19378)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19378
XForce ISS Database: postgresql-makeselectstmt-arbitrary-bo(19377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19377
XForce ISS Database: postgresql-makeselectstmt-input-bo(19376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19376
XForce ISS Database: postgresql-readsqlconstruct-bo(19375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19375
Common Vulnerability Exposure (CVE) ID: CVE-2004-0977
BugTraq ID: 11295
http://www.securityfocus.com/bid/11295
Debian Security Information: DSA-577
http://www.debian.org/security/2004/dsa-577
http://security.gentoo.org/glsa/glsa-200410-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:149
http://marc.info/?l=bugtraq&m=109910073808903&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360
http://www.redhat.com/support/errata/RHSA-2004-489.html
http://www.trustix.org/errata/2004/0050
https://www.ubuntu.com/usn/usn-6-1/
XForce ISS Database: script-temporary-file-overwrite(17583)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2020 E-Soft Inc. All rights reserved.