Synopsis
The remote host is missing a vendor-supplied security patch
Description
The remote host is missing the patch for the advisory SUSE-SA:2005:027 (postgresql).
Several problems were identified and fixed in the PostgreSQL database server.
Multiple buffer overflows in the low level parsing routines may allow attackers to execute arbitrary code via:
(1) a large number of variables in a SQL statement being handled by the read_sql_construct() function,
(2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function,
(3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and
(4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function.
This is tracked by the Mitre CVE ID CVE-2005-0247.
Solution
http://www.suse.de/security/advisories/2005_27_postgresql.html
Plugin Details
File Name: suse_SA_2005_027.nasl
Agent: unix
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Vulnerability Information
Required KB Items: Host/SuSE/rpm-list