This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote database server is affected by multiple vulnerabilities.
The version of PostgreSQL installed on the remote host is 8.4.x prior
to 8.4.20, 9.0.x prior to 9.0.16, 9.1.x prior to 9.1.12, 9.2.x prior to
9.2.7 or 9.3.x prior to 9.3.3. It is, therefore, potentially affected
by multiple vulnerabilities :
- SET ROLE bypasses lack of ADMIN OPTION when granting
- It is possible to elevate privileges via calls to
validator functions. (CVE-2014-0061)
- It is possible to elevate privileges via a race
condition in CREATE INDEX. (CVE-2014-0062)
- Potential buffer overruns exist due to integer overflow
in size calculations. (CVE-2014-0063)
- Potential buffer overruns exist in datetime
- Multiple fixed-size buffers exist that could potentially
be overflowed. (CVE-2014-0065)
- A potential NULL pointer dereference crash is possible
when crypt(3) returns NULL. (CVE-2014-0066)
- Multiple integer overflow vulnerabilities exist in
See also :
Upgrade to PostgreSQL 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 / 9.3.3 or
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Nessus Plugin ID: 72659 ()
Bugtraq ID: 6571965723657246572565727657286573166557
CVE ID: CVE-2014-0060CVE-2014-0061CVE-2014-0062CVE-2014-0063CVE-2014-0064CVE-2014-0065CVE-2014-0066CVE-2014-2669
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.