PostgreSQL Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 4333


The remote host is vulnerable to multiple attack vectors.


The remote host is running PostgreSQL, an open source relational database. This version is vulnerable to six distinct remote flaws. The nature of three of these flaws involves privilege escalation. An attacker exploiting the 'privilege escalation' bugs would either need local access or user credentials in order to elevate their access. The other three flaws involve remote denial of service attacks. An attacker exploiting these flaws would not need any sort of credentials and would have the ability to crash the database service.


Upgrade to PostgreSQL 7.3.21, 7.4.19, 8.0.15, 8.1.11, 8.2.6 or higher.

See Also

Plugin Details

Severity: High

ID: 4333

File Name: 4333.prm

Family: Database

Published: 2008/01/07

Modified: 2016/01/15

Dependencies: 8703, 8704

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Reference Information

CVE: CVE-2007-6601, CVE-2007-6067, CVE-2007-6600, CVE-2007-4772, CVE-2007-4769, CVE-2007-3278

BID: 27163