Summary
PostgreSQL is installed on this host and is prone to multiple security bypass vulnerabilities.
Impact
Successful exploitation may allow an attacker to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Impact Level: System/Application
Solution
Upgrade to version 9.3.3, 9.2.7, 9.1.12, 9.0.16 or 8.4.20, or higher. For updates, refer to http://www.postgresql.org/download
Insight
The flaws are due to:
- An error when handling roles can be exploited to revoke access from other role members.
- Multiple errors when handling calls to PL validator functions.
- Some errors when handling name lookups.
- Some boundary errors when handling wide datetime input/output.
Affected
PostgreSQL versions before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P