Test Kennung:	1.3.6.1.4.1.25623.1.0.62880
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2008:0040
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2008:0040. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with trust or ident authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 8.1.11 and 8.2.6, and resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0040.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.2
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3278 Bugtraq: 20070616 Having Fun With PostgreSQL (Google Search) http://www.securityfocus.com/archive/1/471541/100/0/threaded Bugtraq: 20070618 Re: Having Fun With PostgreSQL (Google Search) http://www.securityfocus.com/archive/1/471644/100/0/threaded Debian Security Information: DSA-1460 (Google Search) http://www.debian.org/security/2008/dsa-1460 Debian Security Information: DSA-1463 (Google Search) http://www.debian.org/security/2008/dsa-1463 http://security.gentoo.org/glsa/glsa-200801-15.xml HPdes Security Advisory: HPSBTU02325 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 HPdes Security Advisory: SSRT080006 http://www.mandriva.com/security/advisories?name=MDKSA-2007:188 http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf http://osvdb.org/40899 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334 http://www.redhat.com/support/errata/RHSA-2008-0038.html http://www.redhat.com/support/errata/RHSA-2008-0039.html http://www.redhat.com/support/errata/RHSA-2008-0040.html http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http://secunia.com/advisories/28679 http://secunia.com/advisories/29638 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 https://usn.ubuntu.com/568-1/ http://www.vupen.com/english/advisories/2008/0109 http://www.vupen.com/english/advisories/2008/1071/references XForce ISS Database: postgresql-dblink-sql-injection(35142) https://exchange.xforce.ibmcloud.com/vulnerabilities/35142 Common Vulnerability Exposure (CVE) ID: CVE-2007-4769 BugTraq ID: 27163 http://www.securityfocus.com/bid/27163 Bugtraq: 20080107 PostgreSQL 2007-01-07 Cumulative Security Release (Google Search) http://www.securityfocus.com/archive/1/485864/100/0/threaded Bugtraq: 20080115 rPSA-2008-0016-1 postgresql postgresql-server (Google Search) http://www.securityfocus.com/archive/1/486407/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9804 http://securitytracker.com/id?1019157 http://secunia.com/advisories/28359 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28698 SuSE Security Announcement: SUSE-SA:2008:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://www.vupen.com/english/advisories/2008/0061 XForce ISS Database: postgresql-backref-dos(39499) https://exchange.xforce.ibmcloud.com/vulnerabilities/39499 Common Vulnerability Exposure (CVE) ID: CVE-2007-4772 Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search) http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.mandriva.com/security/advisories?name=MDVSA-2008:059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11569 http://www.redhat.com/support/errata/RHSA-2008-0134.html RedHat Security Advisories: RHSA-2013:0122 http://rhn.redhat.com/errata/RHSA-2013-0122.html http://secunia.com/advisories/29070 http://secunia.com/advisories/29248 http://secunia.com/advisories/30535 SuSE Security Announcement: SUSE-SU-2016:0539 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html SuSE Security Announcement: SUSE-SU-2016:0555 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html SuSE Security Announcement: SUSE-SU-2016:0677 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html SuSE Security Announcement: openSUSE-SU-2016:0531 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html SuSE Security Announcement: openSUSE-SU-2016:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html http://www.vupen.com/english/advisories/2008/1744 XForce ISS Database: postgresql-regular-expression-dos(39497) https://exchange.xforce.ibmcloud.com/vulnerabilities/39497 Common Vulnerability Exposure (CVE) ID: CVE-2007-6067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235 XForce ISS Database: postgresql-complex-expression-dos(39498) https://exchange.xforce.ibmcloud.com/vulnerabilities/39498 Common Vulnerability Exposure (CVE) ID: CVE-2007-6600 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493 XForce ISS Database: postgresql-indexfunctions-priv-escalation(39496) https://exchange.xforce.ibmcloud.com/vulnerabilities/39496 Common Vulnerability Exposure (CVE) ID: CVE-2007-6601 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127 XForce ISS Database: postgresql-dblink-privilege-escalation(39500) https://exchange.xforce.ibmcloud.com/vulnerabilities/39500
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.