FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)

High Nessus Plugin ID 32063


The remote FreeBSD host is missing one or more security-related updates.


The PostgreSQL developers report :

PostgreSQL allows users to create indexes on the results of user-defined functions, known as 'expression indexes'. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed.

PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend.

DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 32063

File Name: freebsd_pkg_51436b4c125011ddbab70016179b2dd5.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2008/04/28

Modified: 2016/12/08

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:postgresql, p-cpe:/a:freebsd:freebsd:postgresql-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/04/24

Vulnerability Publication Date: 2008/01/06

Reference Information

CVE: CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601

BID: 27163

CWE: 189, 264, 287, 399