SUSE-SA:2005:027: postgresql

medium Nessus Plugin ID 18113

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:027 (postgresql).


Several problems were identified and fixed in the PostgreSQL database server.

Multiple buffer overflows in the low level parsing routines may allow attackers to execute arbitrary code via:

(1) a large number of variables in a SQL statement being handled by the read_sql_construct() function,

(2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function,

(3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and

(4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function.


This is tracked by the Mitre CVE ID CVE-2005-0247.

Solution

http://www.suse.de/security/advisories/2005_27_postgresql.html

Plugin Details

Severity: Medium

ID: 18113

File Name: suse_SA_2005_027.nasl

Version: 1.11

Agent: unix

Published: 4/21/2005

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2005-0247

CWE: 119