This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The database service running on the remote host has an authentication
The version of PostgreSQL running on the remote host has an
authentication bypass vulnerability. If PostgreSQL is using LDAP
authentication, and the LDAP server is configured to allow anonymous
binds, it may be possible to log into the PostgreSQL server using a
blank password. A remote attacker could exploit this to gain access to
the database server, possibly as an administrator.
There are reportedly other vulnerabilities in this version of
PostgreSQL, though Nessus has not checked for those issues.
See also :
Upgrade to PostgreSQL 8.2.14 / 8.3.8 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false
Nessus Plugin ID: 40947
Bugtraq ID: 36314
CVE ID: CVE-2009-3231