PostgreSQL Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 4333 (High)

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running PostgreSQL, an open source relational database. This version is vulnerable to six distinct remote flaws. Three of these flaws involve privilege escalation; an attacker exploiting them would need either local access or user credentials in order to elevate their access. The other three flaws are remote denial-of-service issues; an attacker exploiting them would not need any credentials and could crash the database service.

Solution

Upgrade to PostgreSQL 7.3.21, 7.4.19, 8.0.15, 8.1.11, 8.2.6 or higher.

See Also

http://www.postgresql.org/about/news.905

Plugin Details

Severity: High

ID: 4333

File Name: 4333.prm

Family: Database

Published: 2008/01/07

Modified: 2016/01/15

Dependencies: 8703, 8704

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Reference Information

CVE: CVE-2007-6601, CVE-2007-6067, CVE-2007-6600, CVE-2007-4772, CVE-2007-4769, CVE-2007-3278

BID: 27163