PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 6337
Synopsis: The remote database server is vulnerable to multiple attack vectors.
Description: Versions of PostgreSQL earlier than 9.1.3, 9.0.7, and 8.4.11 are potentially affected by the following vulnerabilities:
- Permissions on a function called by a trigger are not properly checked. (CVE-2012-0866)
- SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third-party certificates. (CVE-2012-0867)
- Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file. (CVE-2012-0868)
Solution: Upgrade to PostgreSQL 8.4.11, 9.0.7, 9.1.3, or later.