PostgreSQL < 7.2.7 / 7.3.9 / 7.4.7 / 8.0.1 Multiple Vulnerabilities

medium Nessus Plugin ID 16309

Language:

Synopsis

It may be possible to run arbitrary commands on the remote server.

Description

The remote PostgreSQL server, according to its version number, is vulnerable to multiple flaws that could allow an attacker who has the rights to query the remote database to obtain a shell on this host.

Solution

Upgrade to postgresql 7.2.7, 7.3.9, 7.4.7, 8.0.1 or later.

Plugin Details

Severity: Medium

ID: 16309

File Name: postgresql_multiple_flaws2.nasl

Version: 1.18

Type: remote

Family: Databases

Published: 2/3/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:postgresql:postgresql

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/1/2005

Vulnerability Publication Date: 1/31/2005

Reference Information

CVE: CVE-2005-0227, CVE-2005-0244, CVE-2005-0245, CVE-2005-0246, CVE-2005-0247

BID: 12411, 12417

CWE: 119, 264, 94

Detections

Analytics