PostgreSQL < 7.2.3 Multiple Vulnerabilities (2) (deprecated)

Nessus Network Monitor Plugin ID 1893 (Medium)

Synopsis

The remote host can be tricked into giving a user a shell.

Description

The remote PostgreSQL server is affected by multiple flaws that may allow an attacker who has the right to query the remote database to obtain a shell on this host.

Solution

Upgrade to PostgreSQL 7.2.3 or higher.

Plugin Details

Severity: Medium

ID: 1893

File Name: 1893.prm

Family: Database

Published: 2004/08/20

Modified: 2015/06/01

Dependencies: 8703

Nessus ID: 11456

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Reference Information

CVE: CVE-2002-0972, CVE-2002-1398

BID: 6610, 6614, 5527, 5497, 6615, 6611, 6612, 6613, 7075

OSVDB: 11829, 11830, 11831, 6190, 8998, 9504, 9505