FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The PostgreSQL developers report :

PostgreSQL allows users to create indexes on the results of
user-defined functions, known as 'expression indexes'. This provided
two vulnerabilities to privilege escalation: (1) index functions were
executed as the superuser and not the table owner during VACUUM and
ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were
permitted within index functions. Both of these holes have now been
closed.

PostgreSQL allowed malicious users to initiate a denial-of-service by
passing certain regular expressions in SQL queries. First, users could
create infinite loops using some specific regular expressions. Second,
certain complex regular expressions could consume excessive amounts of
memory. Third, out-of-range backref numbers could be used to crash the
backend.

DBLink functions combined with local trust or ident authentication
could be used by a malicious user to gain superuser privileges. This
issue has been fixed, and does not affect users who have not installed
DBLink (an optional module), or who are using password authentication
for local access. This same problem was addressed in the previous
release cycle, but that patch failed to close all forms of the
loophole.

See also :

http://www.postgresql.org/about/news.905
http://www.nessus.org/u?962596d0

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 32063 (freebsd_pkg_51436b4c125011ddbab70016179b2dd5.nasl)

Bugtraq ID: 27163

CVE ID: CVE-2007-4769
CVE-2007-4772
CVE-2007-6067
CVE-2007-6600
CVE-2007-6601

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now