PostgreSQL 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 File Deletion

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by a file deletion

Description :

The version of PostgreSQL installed on the remote host is 9.0.x prior
to 9.0.13, 9.1.x prior to 9.1.9 or 9.2.x prior to 9.2.4. As such, it is
potentially affected by a file deletion vulnerability. A remote,
unauthenticated attacker, could damage or destroy files within a
server's data directory by requesting a database name that begins
with '-'.

See also :

Solution :

Upgrade to PostgreSQL 9.0.13 / 9.1.9 / 9.2.4 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 4.8
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 65855 ()

Bugtraq ID: 58876

CVE ID: CVE-2013-1899

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial