Summary
PostgreSQL is installed on this host and is prone to multiple security bypass vulnerabilities.
Impact
Successful exploitation may allow an attacker to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Impact Level: System/Application
Solution
Upgrade to version 9.3.3, 9.2.7, 9.1.12, 9.0.16 or 8.4.20, or higher. For updates, refer to http://www.postgresql.org/download
Insight
The flaws are due to:
- An error when handling roles can be exploited to revoke access from other role members.
- Multiple errors when handling calls to PL validator functions.
- Some errors when handling name lookups.
- Some boundary errors when handling wide datetime input/output.
Affected
PostgreSQL versions before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
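The version check described above can be sketched as follows. This is an added example, not the NVT's own code: the function names and the sample banners are constructed, and the fixed releases are the ones listed under Solution.

```python
import re

# First fixed patch release per affected branch (from the Solution section).
FIXED = {(8, 4): 20, (9, 0): 16, (9, 1): 12, (9, 2): 7, (9, 3): 3}

VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Extract (major, minor, patch) from a bare version string or a
    `SELECT version()` style banner. A missing patch level, as in the
    pre-release string "9.3beta1", is treated as patch 0."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("no PostgreSQL version in %r" % (banner,))
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable(banner):
    """True if the reported version falls in the Affected ranges."""
    major, minor, patch = parse_version(banner)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Branches older than 8.4 are all "before 8.4.20"; branches newer
    # than 9.3 are outside the ranges listed on this page.
    return branch < (8, 4)


def upgrade_target(banner):
    """Minimum fixed version for a vulnerable banner, or None if unaffected."""
    if not is_vulnerable(banner):
        return None
    major, minor, _ = parse_version(banner)
    branch = (major, minor) if (major, minor) in FIXED else (8, 4)
    return "%d.%d.%d" % (branch[0], branch[1], FIXED[branch])


if __name__ == "__main__":
    # Constructed inventory of version banners, for illustration only.
    inventory = {
        "db-a": "PostgreSQL 9.2.6 on x86_64-unknown-linux-gnu",
        "db-b": "PostgreSQL 9.3.3 on x86_64-unknown-linux-gnu",
        "db-c": "8.3.23",
        "db-d": "9.3beta1",
    }
    for host, banner in sorted(inventory.items()):
        print(host, upgrade_target(banner) or "not affected")
```

The check compares version numbers only, so a distribution package that backports the fixes without changing the upstream version will still be reported as affected.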
References
Severity
Classification
- CVE: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066
- CVSS Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)