PostgreSQL < 7.2.3 Multiple Vulnerabilities (2) (deprecated)

medium Nessus Network Monitor Plugin ID 1893

Synopsis

The remote host can be tricked into giving a user a shell.

Description

The remote PostgreSQL server is vulnerable to various flaws which may allow an attacker who has the right to query the remote database to obtain a shell on this host.

Solution

Upgrade to PostgreSQL 7.2.3 or higher.

Plugin Details

Severity: Medium

ID: 1893

Family: Database

Published: 8/20/2004

Updated: 9/16/2018

Nessus ID: 11456

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Reference Information

CVE: CVE-2002-0972, CVE-2002-1398

BID: 6610, 6614, 5527, 5497, 6615, 6611, 6612, 6613, 7075

Detections

Analytics