Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : postgresql-8.3, postgresql-8.4 vulnerability (USN-1229-1)
Medium Nessus Plugin ID 56506
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionIt was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected postgresql-8.3 and / or postgresql-8.4 packages.