PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

The remote host is affected by the vulnerability described in GLSA-201408-15 (PostgreSQL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PostgreSQL. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote authenticated attacker may be able to create a Denial of       Service condition, bypass security restrictions, or have other       unspecified impact.
  Workaround :

    There is no known workaround at this time.

PostgreSQL was updated to version 9.1.8 (bnc#802679) :

  - Prevent execution of enum_recv from SQL (CVE-2013-0255).

  - Fix multiple problems in detection of when a consistent     database state has been reached during WAL replay

  - Update minimum recovery point when truncating a relation     file

  - Fix recycling of WAL segments after changing recovery     target timeline

  - Fix missing cancellations in hot standby mode

  - See the release notes for the rest of the changes:
    http://www.postgresql.org/docs/9.1/static/release-9-1-8.
    html /usr/share/doc/packages/postgresql/HISTORY

  - Remove postgresql91-full.spec.in and use     postgresql91.spec as the master for generating     postgresql91-libs.spec.

An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255)

A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900)

An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255)

A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900)

These updated packages upgrade PostgreSQL to version 8.4.18, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes :

http://www.postgresql.org/docs/8.4/static/release-8-4-18.html

After installing this update, it is advisable to rebuild, using the REINDEX command, Generalized Search Tree (GiST) indexes that meet one or more of the following conditions :

    - GiST indexes on box, polygon, circle, or point columns

    - GiST indexes for variable-width data types, that is       text, bytea, bit, and numeric

    - GiST multi-column indexes

If the postgresql service is running, it will be automatically restarted after installing this update.

Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system (DBMS).

An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255)

A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Sumit Soni via Secunia SVCRP as the original reporter of CVE-2013-0255, and Marko Kreen as the original reporter of CVE-2013-1900.

These updated packages upgrade PostgreSQL to version 8.4.18, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes :

http://www.postgresql.org/docs/8.4/static/release-8-4-18.html

After installing this update, it is advisable to rebuild, using the REINDEX command, Generalized Search Tree (GiST) indexes that meet one or more of the following conditions :

* GiST indexes on box, polygon, circle, or point columns

* GiST indexes for variable-width data types, that is text, bytea, bit, and numeric

* GiST multi-column indexes

All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

From Red Hat Security Advisory 2013:1475 :

Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

PostgreSQL is an advanced object-relational database management system (DBMS).

An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255)

A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Sumit Soni via Secunia SVCRP as the original reporter of CVE-2013-0255, and Marko Kreen as the original reporter of CVE-2013-1900.

These updated packages upgrade PostgreSQL to version 8.4.18, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes :

http://www.postgresql.org/docs/8.4/static/release-8-4-18.html

After installing this update, it is advisable to rebuild, using the REINDEX command, Generalized Search Tree (GiST) indexes that meet one or more of the following conditions :

* GiST indexes on box, polygon, circle, or point columns

* GiST indexes for variable-width data types, that is text, bytea, bit, and numeric

* GiST multi-column indexes

All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

Multiple vulnerabilities has been discovered and corrected in postgresql :

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read (CVE-2013-0255).

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen) (CVE-2013-1899).

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. (CVE-2013-1900).

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions (CVE-2013-1901).

This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

Versions of PostgreSQL earlier than 8.3.23, 8.4.16, 9.0.12, 9.1.8, 9.2.3 and are potentially affected by a denial of service vulnerability due to a flaw in the enum_recv() functin of 'backend/utils/adt/enum.c'. By exploiting this flaw, a remote attacker could crash the affected application

PostgreSQL has been updated to version 8.3.23 which fixes various bugs and one security issue.

The security issue fixed in this release, CVE-2013-0255, allowed a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure.

More information can be found at

http://www.postgresql.org/about/news/1446/

PostgreSQL has been updated to version 9.1.8 which fixes various bugs and one security issue.

The security issue fixed in this release, CVE-2013-0255, allowed a previously authenticated user to crash the server by calling an internal function with invalid arguments. This issue was discovered by the independent security researcher Sumit Soni this week and reported via Secunia SVCRP, and we are grateful for their efforts in making PostgreSQL more secure.

More information can be found at

http://www.postgresql.org/about/news/1446/

Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service.

The version of PostgreSQL installed on the remote host is 8.3.x prior to 8.3.23, 8.4.x prior to 8.4.16, 9.0.x prior to 9.0.12, 9.1.x prior to 9.1.8 or 9.2 prior to 9.2.3.  It is, therefore, potentially affected by a denial of service vulnerability due to a flaw in the enum_recv() function of 'backend/utils/adt/enum.c'.  By exploiting this flaw, a remote attacker could crash the affected application.

- Update to new upstream releases, to fix CVE-2013-0255     and other issues described at     http://www.postgresql.org/docs/9.2/static/release-9-2-3.
    html     http://www.postgresql.org/docs/9.1/static/release-9-1-8.
    html

  - Make the package build with selinux option disabled

    - Include old version of pg_controldata in       postgresql-upgrade subpackage

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been discovered and corrected in postgresql :

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read (CVE-2013-0255).

This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

Sumit Soni discovered that PostgreSQL incorrectly handled calling a certain internal function with invalid arguments. An authenticated attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
77459	GLSA-201408-15 : PostgreSQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
74897	openSUSE Security Update : postgresql91 (openSUSE-SU-2013:0318-1)	Nessus	SuSE Local Security Checks	medium
70906	Amazon Linux AMI : postgresql8 (ALAS-2013-244)	Nessus	Amazon Linux Local Security Checks	high
70705	Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20131029)	Nessus	Scientific Linux Local Security Checks	high
70696	RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2013:1475)	Nessus	Red Hat Local Security Checks	high
70692	Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2013-1475)	Nessus	Oracle Linux Local Security Checks	high
70687	CentOS 5 / 6 : postgresql / postgresql84 (CESA-2013:1475)	Nessus	CentOS Local Security Checks	high
66154	Mandriva Linux Security Advisory : postgresql (MDVSA-2013:142)	Nessus	Mandriva Local Security Checks	high
6743	PostgreSQL < 8.3.23 / 8.4.16 / 9.0.12 / 9.1.8 / 9.2.3 Denial of Service	Nessus Network Monitor	Database	medium
65683	SuSE 11.2 Security Update : PostgreSQL (SAT Patch Number 7340)	Nessus	SuSE Local Security Checks	medium
65682	SuSE 11.2 Security Update : PostgreSQL (SAT Patch Number 7342)	Nessus	SuSE Local Security Checks	medium
64732	Debian DSA-2630-1 : postgresql-8.4 - programming error	Nessus	Debian Local Security Checks	medium
64669	PostgreSQL 8.3 < 8.3.23 / 8.4 < 8.4.16 / 9.0 < 9.0.12 / 9.1 < 9.1.8 / 9.2 < 9.2.3 Denial of Service	Nessus	Databases	medium
64665	Fedora 17 : postgresql-9.1.8-1.fc17 (2013-2152)	Nessus	Fedora Local Security Checks	medium
64647	Mandriva Linux Security Advisory : postgresql (MDVSA-2013:012)	Nessus	Mandriva Local Security Checks	medium
64616	Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerability (USN-1717-1)	Nessus	Ubuntu Local Security Checks	medium
64554	Fedora 18 : postgresql-9.2.3-1.fc18 (2013-2123)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2013-0255

high

Tenable Plugins

high

medium

high

high

high

high

high

high

medium

medium

medium

medium

medium

medium

medium

medium

medium