FreeBSD : postgresql -- multiple vulnerabilities (65c8ecf9-2adb-11db-a6e2-000e0c2e438a)
High Nessus Plugin ID 22210
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionMultiple vulnerabilities had been reported in various versions of PostgreSQL :
- The EXECUTE restrictions can be bypassed by using the AGGREGATE function, which is missing a permissions check.
- A buffer overflow exists in gram.y which could allow an attacker to execute arbitrary code by sending a large number of arguments to a refcursor function, found in gram.y
- The intagg contributed module allows an attacker to crash the server (Denial of Service) by constructing a malicious crafted array.
SolutionUpdate the affected packages.