Mandriva Linux Security Advisory : postgresql (MDVSA-2012:139)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been discovered and corrected in
postgresql :

Prevent access to external files/URLs via contrib/xml2's
xslt_process() (Peter Eisentraut). libxslt offers the ability to read
and write both files and URLs through stylesheet commands, thus
allowing unprivileged database users to both read and write data with
the privileges of the database server. Disable that through proper use
of libxslt's security options (CVE-2012-3488). Also, remove
xslt_process()'s ability to fetch documents and stylesheets from
external files/URLs. While this was a documented feature, it was long
regarded as a bad idea. The fix for CVE-2012-3489 broke that
capability, and rather than expend effort on trying to fix it, we're
just going to summarily remove it.

Prevent access to external files/URLs via XML entity references (Noah
Misch, Tom Lane). xml_parse() would attempt to fetch external files or
URLs as needed to resolve DTD and entity references in an XML value,
thus allowing unprivileged database users to attempt to fetch data
with the privileges of the database server. While the external data
wouldn't get returned directly to the user, portions of it could be
exposed in error messages if the data didn't parse as valid XML; and
in any case the mere ability to check existence of a file might be
useful to an attacker (CVE-2012-3489).

This advisory provides the latest versions of PostgreSQL that is not
vulnerable to these issues.

See also :

http://www.postgresql.org/about/news/1407/
http://www.postgresql.org/docs/8.3/static/release-8-3-20.html
http://www.postgresql.org/docs/9.0/static/release-9-0-9.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61984 ()

Bugtraq ID: 55072
55074

CVE ID: CVE-2012-3488
CVE-2012-3489

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now