FreeBSD : PostgreSQL -- multiple privilege issues (42d42090-9a4d-11e3-b029-08002798f6ff)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

PostgreSQL Project reports :

This update fixes CVE-2014-0060, in which PostgreSQL did not properly
enforce the WITH ADMIN OPTION permission for ROLE management. Before
this fix, any member of a ROLE was able to grant others access to the
same ROLE regardless if the member was given the WITH ADMIN OPTION
permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.

With this release, we are also alerting users to a known security hole
that allows other users on the same machine to gain access to an
operating system account while it is doing 'make check' :
CVE-2014-0067. 'Make check' is normally part of building PostgreSQL
from source code. As it is not possible to fix this issue without
causing significant issues to our testing infrastructure, a patch will
be released separately and publicly. Until then, users are strongly
advised not to run 'make check' on machines where untrusted users have

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 72612 ()

Bugtraq ID:

CVE ID: CVE-2014-0060

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now