PostgreSQL 8.4 < 8.4.20 / 9.0 < 9.0.16 / 9.1 < 9.1.12 / 9.2 < 9.2.7 / 9.3 < 9.3.3 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote database server is affected by multiple vulnerabilities.

Description :

The version of PostgreSQL installed on the remote host is 8.4.x prior
to 8.4.20, 9.0.x prior to 9.0.16, 9.1.x prior to 9.1.12, 9.2.x prior to
9.2.7 or 9.3.x prior to 9.3.3. It is, therefore, potentially affected
by multiple vulnerabilities :

- SET ROLE bypasses lack of ADMIN OPTION when granting
roles. (CVE-2014-0060)

- It is possible to elevate privileges via calls to
validator functions. (CVE-2014-0061)

- It is possible to elevate privileges via a race
condition in CREATE INDEX. (CVE-2014-0062)

- Potential buffer overruns exist due to integer overflow
in size calculations. (CVE-2014-0063)

- Potential buffer overruns exist in datetime
input/output. (CVE-2014-0064)

- Multiple fixed-size buffers exist that could potentially
be overflowed. (CVE-2014-0065)

- A potential null pointer dereference crash is possible
when crypt(3) returns NULL. (CVE-2014-0066)

- Multiple integer overflow vulnerabilities exist in
'hstore_io.c'. (CVE-2014-2669)

See also :

http://www.postgresql.org/about/news/1506/
http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
http://www.postgresql.org/docs/9.0/static/release-9-0-16.html
http://www.postgresql.org/docs/9.1/static/release-9-1-12.html
http://www.postgresql.org/docs/9.2/static/release-9-2-7.html

Solution :

Upgrade to PostgreSQL 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 / 9.3.3 or
later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false