This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The database service running on the remote host has an authentication
The version of PostgreSQL running on the remote host has an
authentication bypass vulnerability. If PostgreSQL is using LDAP
authentication, and the LDAP server is configured to allow anonymous
binds, it may be possible to log into the PostgreSQL server using a
blank password. A remote attacker could exploit this to gain access to
the database server, possibly as an administrator.
There are reportedly other vulnerabilities in this version of
PostgreSQL, though Nessus has not checked for those issues.
See also :
Upgrade to PostgreSQL 8.2.14 / 8.3.8 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false