PostgreSQL Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5170
Synopsis
The remote host is vulnerable to multiple attack vectors.
Description
The remote host is running PostgreSQL, a database application. The version of PostgreSQL is potentially affected by multiple issues:
- Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there.
- A privilege escalation issue allows some actions to be performed with superuser privileges instead of table owner privileges. This is related to the fix for CVE-2007-6600, which failed to include protection against misuse of 'RESET SESSION AUTHORIZATION'.
- If PostgreSQL is configured with LDAP authentication and the LDAP configuration allows anonymous binds, a user can authenticate with an empty password.
Solution
Upgrade to PostgreSQL 8.0.22, 8.1.18, 8.2.14, 8.3.8, or 8.4.1.