Oracle Linux 3 / 4 : postgresql (ELSA-2007-0064)

high Nessus Plugin ID 67447

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

From Red Hat Security Advisory 2007:0064 :

Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

PostgreSQL is an advanced Object-Relational database management system (DBMS).

A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555).

A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute a SQL command which could crash the PostgreSQL server.
(CVE-2006-5540)

Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.

Solution

Update the affected postgresql packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2007-February/000047.html

https://oss.oracle.com/pipermail/el-errata/2007-March/000096.html

Plugin Details

Severity: High

ID: 67447

File Name: oraclelinux_ELSA-2007-0064.nasl

Version: 1.11

Type: local

Agent: unix

Published: 7/12/2013

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:postgresql-contrib, p-cpe:/a:oracle:linux:rh-postgresql-python, p-cpe:/a:oracle:linux:postgresql, p-cpe:/a:oracle:linux:postgresql-libs, p-cpe:/a:oracle:linux:rh-postgresql-docs, p-cpe:/a:oracle:linux:postgresql-test, p-cpe:/a:oracle:linux:rh-postgresql-contrib, p-cpe:/a:oracle:linux:postgresql-devel, p-cpe:/a:oracle:linux:postgresql-pl, p-cpe:/a:oracle:linux:rh-postgresql, cpe:/o:oracle:linux:3, p-cpe:/a:oracle:linux:rh-postgresql-jdbc, p-cpe:/a:oracle:linux:rh-postgresql-server, p-cpe:/a:oracle:linux:rh-postgresql-tcl, p-cpe:/a:oracle:linux:postgresql-docs, cpe:/o:oracle:linux:4, p-cpe:/a:oracle:linux:rh-postgresql-devel, p-cpe:/a:oracle:linux:postgresql-tcl, p-cpe:/a:oracle:linux:rh-postgresql-pl, p-cpe:/a:oracle:linux:postgresql-jdbc, p-cpe:/a:oracle:linux:postgresql-python, p-cpe:/a:oracle:linux:rh-postgresql-test, p-cpe:/a:oracle:linux:rh-postgresql-libs, p-cpe:/a:oracle:linux:postgresql-server

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/8/2007

Vulnerability Publication Date: 10/26/2006

Reference Information

CVE: CVE-2006-5540, CVE-2007-0555

BID: 22387

RHSA: 2007:0064