This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities was discovered and corrected in postgresql :
NULL Bytes in SSL Certificates can be used to falsify client or server
authentication. This only affects users who have SSL enabled, perform
certificate name validation or client certificate authentication, and
where the Certificate Authority (CA) has been tricked into issuing
invalid certificates. The use of a CA that can be trusted to always
issue valid certificates is recommended to ensure you are not
vulnerable to this issue (CVE-2009-4034).
Privilege escalation via changing session state in an index function.
This closes a corner case related to vulnerabilities CVE-2009-3230 and
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL
8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote
authenticated users to cause a denial of service (daemon crash) via a
SELECT statement with many LEFT JOIN clauses, related to certain
hashtable size calculations (CVE-2010-0733).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
This update provides a solution to these vulnerabilities.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.4
Public Exploit Available : true
Family: Mandriva Local Security Checks
Nessus Plugin ID: 43167 (mandriva_MDVSA-2009-333.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now