Detections
Analytics

MiracleLinux 3 : postgresql-8.1.23-1.2.0.1.AXS3 (AXSA:2011-340:02)

critical Nessus Plugin ID 284351

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-340:02 advisory.

 PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server.
 These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server.
 If you want to manipulate a PostgreSQL database on a local or remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package.
 Security issues fixed with this release:
 CVE-2011-2483 crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/2053

Plugin Details

Severity: Critical

ID: 284351

File Name: miracle_linux_AXSA-2011-340.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2011-2483

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:postgresql-devel, p-cpe:/a:miracle:linux:postgresql-python, p-cpe:/a:miracle:linux:postgresql-contrib, p-cpe:/a:miracle:linux:postgresql-pl, p-cpe:/a:miracle:linux:postgresql, p-cpe:/a:miracle:linux:postgresql-server, p-cpe:/a:miracle:linux:postgresql-docs, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:postgresql-libs, p-cpe:/a:miracle:linux:postgresql-tcl

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/3/2011

Vulnerability Publication Date: 8/18/2011

Reference Information

CVE: CVE-2011-2483