PostgreSQL Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 4333

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running PostgreSQL, an open source relational database. This version is vulnerable to six distinct remote flaws. Three of these flaws involve privilege escalation; an attacker exploiting them would need either local access or user credentials in order to elevate their access. The other three flaws involve remote denial of service attacks; an attacker exploiting them would not need any credentials and would be able to crash the database service.

Solution

Upgrade to PostgreSQL 7.3.21, 7.4.19, 8.0.15, 8.1.11, 8.2.6 or higher.

See Also

http://www.postgresql.org/about/news.905

Plugin Details

Severity: High

ID: 4333

Family: Database

Published: 1/7/2008

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Reference Information

CVE: CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601

BID: 27163