PostgreSQL Error Message Conversion Remote DoS

Nessus Network Monitor Plugin ID 4957 (Severity: Medium)

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

This version of PostgreSQL is vulnerable to a denial of service when processing malformed SQL statements. To exploit this flaw, an attacker would need a valid account and the ability to execute custom queries. Successful exploitation would result in the attacker shutting down the database.

Solution

Upgrade to version 7.4.24, 8.0.20, 8.1.16, 8.2.12, 8.3.6 or higher.

See Also

http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php

Plugin Details

Severity: Medium

ID: 4957

File Name: 4957.prm

Family: Database

Published: 2009/03/12

Modified: 2016/01/30

Dependencies: 8703, 8704

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 4.3

Temporal Score: 4

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Reference Information

CVE: CVE-2009-0922

BID: 34090

OSVDB: 54512