GLSA-200505-12 : PostgreSQL: Multiple vulnerabilities

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200505-12
(PostgreSQL: Multiple vulnerabilities)

PostgreSQL gives public EXECUTE access to a number of character
conversion routines, but doesn't validate the given arguments
(CAN-2005-1409). It has also been reported that the contrib/tsearch2
module of PostgreSQL misdeclares the return value of some functions as
'internal' (CAN-2005-1410).

Impact :

An attacker could call the character conversion routines with specially
setup arguments to crash the backend process of PostgreSQL or to
potentially gain administrator rights. A malicious user could also call
the misdeclared functions of the contrib/tsearch2 module, resulting in
a Denial of Service or other, yet uninvestigated, impacts.

Workaround :

There is no known workaround at this time.

See also :

http://www.postgresql.org/about/news.315
http://www.postgresql.org/about/news.315
http://www.gentoo.org/security/en/glsa/glsa-200505-12.xml

Solution :

All PostgreSQL users should update to the latest available version and
follow the guide at http://www.postgresql.o
rg/about/news.315
# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 18271 (gentoo_GLSA-200505-12.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1409
CVE-2005-1410