
PostgreSQL Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running PostgreSQL, a database application. The version of PostgreSQL is potentially affected by multiple issues:

- Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there.

- A privilege escalation issue allows some actions to be performed with superuser privileges instead of table owner privileges. This is related to the fix for CVE-2007-6600, which failed to include protection against misuse of 'RESET SESSION AUTHORIZATION'.

- If PostgreSQL is configured with LDAP authentication and the LDAP configuration allows anonymous binds, a user can authenticate with an empty password.

Solution

Upgrade to PostgreSQL 8.0.22, 8.1.18, 8.2.14, 8.3.8, or 8.4.1.
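
A host can be checked against the fixed releases above and its pg_hba.conf reviewed for LDAP authentication with a short script. The following is an added example, not part of the original advisory or of PostgreSQL; the function names, the sample banner and the sample pg_hba.conf content are constructed for illustration.

```python
import re

# Fixed release per 8.x branch, from the Solution section of this advisory.
FIXED = {(8, 0): 22, (8, 1): 18, (8, 2): 14, (8, 3): 8, (8, 4): 1}

def version_status(banner):
    """Classify a version string such as the output of SELECT version().

    Returns 'affected', 'fixed', or 'unknown' (no x.y.z version found, or a
    branch this advisory does not list).
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return "unknown"
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"
    return "affected" if patch < fixed_patch else "fixed"

def ldap_rules(hba_text):
    """Return (line_number, record) for pg_hba.conf records using method ldap."""
    hits = []
    for n, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        # Fields 0-2 are type, database and user; the method follows them
        # (after the address fields on host records), so a database or user
        # that happens to be named "ldap" is not matched.
        if "ldap" in fields[3:]:
            hits.append((n, " ".join(fields)))
    return hits

def audit(banner, hba_text):
    """Combine both checks. Whether the directory server accepts anonymous
    binds cannot be seen from here and must be checked on the LDAP side."""
    status = version_status(banner)
    rules = ldap_rules(hba_text)
    return {"version": status, "ldap_rules": rules,
            "ldap_review_needed": status != "fixed" and bool(rules)}

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "PostgreSQL 8.3.7 on x86_64-pc-linux-gnu"
SAMPLE_HBA = "\n".join([
    "# TYPE  DATABASE  USER  CIDR-ADDRESS  METHOD",
    "local   all       postgres            ident",
    'host    all       all   10.0.0.0/8    ldap "ldap://ldap.example.net/dc=example,dc=net"',
    "host    ldap      all   192.168.1.0/24  md5",
])

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, SAMPLE_HBA))
```

A result of 'unknown' means the branch is not covered by the version list in this advisory and needs to be checked against the vendor's own release notes.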