Mandrake Linux Security Advisory : postgresql (MDKSA-2005:040)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A number of vulnerabilities were found and corrected in the PostgreSQL
DBMS :

A flaw in the LOAD command could be abused by a local user to load
arbitrary shared libraries and as a result execute arbitrary code with
the privileges of the user running the postgresql server
(CVE-2005-0227).

A permission checking flaw was found where a local user could bypass
the EXECUTE permission check for functions using the CREATE AGGREGATE
command (CVE-2005-0244).

Multiple buffer overflows were discovered in PL/PgSQL. A database user
with permission to create plpgsql functions could trigger these flaws
which could then lead to arbitrary code execution with the privileges
of the user running the postgresql server (CVE-2005-0245 and
CVE-2005-0247).

Finally, a flaw in the integer aggregator (intagg) contrib module was
found. A user could create carefully crafted arrays and crash the
server, causing a Denial of Service (CVE-2005-0246).

The updated packages have been patched to correct these problems.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 17139 (mandrake_MDKSA-2005-040.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0227
CVE-2005-0244
CVE-2005-0245
CVE-2005-0246
CVE-2005-0247

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now