PostgreSQL < 7.2.3 Multiple Vulnerabilities

medium Nessus Plugin ID 11456

Language:

Synopsis

Arbitrary commands may be run on the remote server.

Description

The remote PostgreSQL server, according to its version number, is vulnerable to various flaws which may allow an attacker who has the rights to query the remote database to obtain a shell on this host.

Solution

Upgrade to postgresql 7.2.3 or later.

Plugin Details

Severity: Medium

ID: 11456

File Name: postgresql_multiple_flaws.nasl

Version: 1.24

Type: remote

Family: Databases

Published: 3/24/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Exploit Ease: No known exploits are available

Patch Publication Date: 10/1/2002

Vulnerability Publication Date: 8/12/2002

Reference Information

CVE: CVE-2002-1397, CVE-2002-1398, CVE-2002-1399, CVE-2002-1400, CVE-2002-1401, CVE-2002-1402

BID: 5497, 5527, 6610, 6611, 6612, 6613, 6614, 6615, 7075

CWE: 119

RHSA: 2003:0010-10