Detections
Analytics
Amazon Linux AMI : postgresql93 (ALAS-2015-485)
critical Nessus Plugin ID 81673
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2015-0243)A flaw was found in way PostgreSQL handled certain errors during that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection. (CVE-2015-0244)
Solution
Run 'yum update postgresql93' to update your system.See Also
Plugin Details
Severity: Critical
ID: 81673
File Name: ala_ALAS-2015-485.nasl
Version: 1.6
Type: local
Agent: unix
Published: 3/9/2015
Updated: 2/3/2020
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:postgresql93, p-cpe:/a:amazon:linux:postgresql93-contrib, p-cpe:/a:amazon:linux:postgresql93-debuginfo, p-cpe:/a:amazon:linux:postgresql93-devel, p-cpe:/a:amazon:linux:postgresql93-docs, p-cpe:/a:amazon:linux:postgresql93-libs, p-cpe:/a:amazon:linux:postgresql93-plperl, p-cpe:/a:amazon:linux:postgresql93-plpython, p-cpe:/a:amazon:linux:postgresql93-pltcl, p-cpe:/a:amazon:linux:postgresql93-server, p-cpe:/a:amazon:linux:postgresql93-test, cpe:/o:amazon:linux
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 2/25/2015
Vulnerability Publication Date: 1/27/2020
Reference Information
CVE: CVE-2015-0243, CVE-2015-0244
ALAS: 2015-485