PostgreSQL < 8.0.3 Multiple Vulnerabilities

medium Nessus Plugin ID 18202

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

According to its banner, the version of PostgreSQL installed on the remote host may suffer from the following vulnerabilities :

- Character Conversion Vulnerability Unprivileged users can call functions supporting client- server character set conversion from SQL commands even though those functions do not validate their arguments.

- tsearch2 Vulnerability If installed, the 'contrib/tsearch2' module permits users to at a minimum crash the backend because it misdeclares several functions as returning type 'internal' when in fact they do not have any 'internal' argument.

Solution

Implement the changes described in the PostgreSQL advisory or upgrade to 8.0.3.

See Also

http://www.postgresql.org/about/news.315

http://www.nessus.org/u?7969c3a5

Plugin Details

Severity: Medium

ID: 18202

File Name: postgresql_charset_and_tsearch2.nasl

Version: 1.19

Type: remote

Family: Databases

Published: 5/5/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Exploit Ease: No known exploits are available

Patch Publication Date: 5/9/2005

Vulnerability Publication Date: 5/2/2005

Reference Information

CVE: CVE-2005-1409, CVE-2005-1410

BID: 13475, 13476