PostgreSQL to_ascii() Function Remote Overflows

High severity, Nessus Plugin ID 11916

Synopsis

Arbitrary code may be run on the remote server.

Description

According to its version number, the PostgreSQL server listening on this port is vulnerable to two buffer overflows in the to_ascii() function. An attacker who can query the remote database could exploit them to execute arbitrary code with the privileges under which the service operates.

Solution

Upgrade to PostgreSQL 7.3.4 or later.

Plugin Details

Severity: High

ID: 11916

File Name: postgresql_toascii_overflow.nasl

Version: 1.23

Type: remote

Family: Databases

Published: 11/4/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Exploit Ease: No known exploits are available

Patch Publication Date: 7/29/2003

Vulnerability Publication Date: 10/30/2003

Reference Information

CVE: CVE-2003-0901

BID: 8741

RHSA: 2003:313