GLSA-200505-12 : PostgreSQL: Multiple vulnerabilities

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200505-12
(PostgreSQL: Multiple vulnerabilities)

PostgreSQL gives public EXECUTE access to a number of character
conversion routines, but doesn't validate the given arguments
(CAN-2005-1409). It has also been reported that the contrib/tsearch2
module of PostgreSQL misdeclares the return value of some functions as
'internal' (CAN-2005-1410).

Impact :

An attacker could call the character conversion routines with specially
setup arguments to crash the backend process of PostgreSQL or to
potentially gain administrator rights. A malicious user could also call
the misdeclared functions of the contrib/tsearch2 module, resulting in
a Denial of Service or other, yet uninvestigated, impacts.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All PostgreSQL users should update to the latest available version and
follow the guide at http://www.postgresql.o
# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql

Risk factor :

High / CVSS Base Score : 7.5

Family: Gentoo Local Security Checks

Nessus Plugin ID: 18271 (gentoo_GLSA-200505-12.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1409