PostgreSQL < 8.3.23 / 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 6747
SynopsisThe remote database server is vulnerable to multiple vulnerabilities.
DescriptionVersions of PostgreSQL earlier than 8.3.23 / 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 and are potentially affected by the following vulnerabilities :
- An insecure temporary file-creation, specifically occurs when a file with a predictable filename in the '/tmp' directory is created. (CVE-2013-1902)
- A password disclosure vulnerability occurs due to the application passing the database superuser passwords to a script, specifically exists in the graphical installers package. (CVE-2013-1903)
SolutionUpgrade to PostgreSQL 8.3.23 / 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 or later.