PostgreSQL Error Message Conversion Remote DoS

Medium severity | Nessus Network Monitor Plugin ID 4957

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

This version of PostgreSQL is vulnerable to a denial of service when processing malformed SQL statements. To exploit this flaw, an attacker would need a valid account and the ability to execute custom queries. Successful exploitation would result in the attacker shutting down the database.

Solution

Upgrade to version 7.4.24, 8.0.20, 8.1.16, 8.2.12, 8.3.6 or higher.

See Also

http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php

Plugin Details

Severity: Medium

ID: 4957

Family: Database

Published: 3/12/2009

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Reference Information

CVE: CVE-2009-0922

BID: 34090