PostgreSQL LDAP Anonymous Bind Authentication Bypass

This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.


Synopsis :

The database service running on the remote host has an authentication
bypass vulnerability.

Description :

The version of PostgreSQL running on the remote host has an
authentication bypass vulnerability. If PostgreSQL is using LDAP
authentication, and the LDAP server is configured to allow anonymous
binds, it may be possible to log into the PostgreSQL server using a
blank password. A remote attacker could exploit this to gain access to
the database server, possibly as an administrator.

There are reportedly other vulnerabilities in this version of
PostgreSQL, though Nessus has not checked for those issues.

See also :

http://www.postgresql.org/about/news.1135
http://www.postgresql.org/support/security

Solution :

Upgrade to PostgreSQL 8.2.14 / 8.3.8 or later.
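
The two local conditions above (a release older than the fixed ones, and LDAP authentication enabled) can be checked from a version string and a pg_hba.conf file. The following is an added example, not part of the Nessus plugin or of PostgreSQL; the function names, status strings and sample file are constructed, and it assumes the 8.2/8.3 pg_hba.conf record layout.

```python
import re

# Fixed releases per branch, taken from the advisory's Solution line.
FIXED_PATCH = {(8, 2): 14, (8, 3): 8}

# Constructed sample pg_hba.conf (8.2/8.3 record layout), not from a real host.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      CIDR-ADDRESS                METHOD
local   all       postgres                              ident sameuser
host    all       all       10.0.0.0/8                  ldap "ldap://ldap.example.net/dc=example,dc=net"
host    all       all       192.168.1.0 255.255.255.0   md5
"""

def is_fixed(version):
    """True/False for 8.2.x and 8.3.x; None for branches the advisory does not name."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = map(int, m.groups())
    fixed = FIXED_PATCH.get((major, minor))
    return None if fixed is None else patch >= fixed

def ldap_rules(hba_text):
    """Return (line_number, record) for every record whose auth method is ldap."""
    hits = []
    for n, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue
        if fields[0] == "local":
            idx = 3                                 # local db user METHOD
        else:
            idx = 4 if "/" in fields[3] else 5      # CIDR address, or address + mask
        if idx < len(fields) and fields[idx].lower() == "ldap":
            hits.append((n, " ".join(fields)))
    return hits

def assess(version, hba_text):
    """Combine both conditions; the LDAP server's anonymous-bind setting
    cannot be seen from here and must be checked on the directory itself."""
    rules, fixed = ldap_rules(hba_text), is_fixed(version)
    if fixed is None:
        status = "branch-not-covered"
    elif fixed:
        status = "patched"
    else:
        status = "unpatched-with-ldap" if rules else "unpatched-no-ldap"
    return status, rules

if __name__ == "__main__":
    print(assess("8.3.7", SAMPLE_HBA))
```

A result of "unpatched-with-ldap" means the server-side preconditions are met; whether a blank password is actually accepted still depends on the LDAP server allowing anonymous binds.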

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 40947

Bugtraq ID: 36314

CVE ID: CVE-2009-3231