|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2007:037-1: postgresql Vulnerability Assessment Details
|
MDKSA-2007:037-1: postgresql |
||
Check for the version of the postgresql package Detailed Explanation for this Vulnerability Assessment The remote host is missing the patch for the advisory MDKSA-2007:037-1 (postgresql). Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this (CVE-2007-0555). As well, Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously-generated query plan, which could be exploted to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this (CVE-2007-0556). Update: The previous update updated PostgreSQL to upstream versions, including 8.1.7 which contained a bug with typemod data types used with check constraints and expression indexes. This regression has been corrected in the new 8.1.8 version that is being provided. Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:037-1 Network Security Threat Level: High Networks Security ID: Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security |
||
Cables, Connectors |
Lot of 10pcs Brocade 57-1000012-01 8Gbps SWL 850nm SFP+ Optical Transceivers
$19.00
Cisco GLC-FE-100FX-RGD 100BASE-FX SFP Transceiver Module
$17.99
Cisco Meraki MA-SFP-1GB-SX 1000BASE-SX SFP Transceiver Module
$24.99
Cisco GLC-EX-SMD 1310nm 40km SFP Transceiver Module 10-2624-01
$85.99
Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03
$8.00
SFP-10G-SR Original Cisco 10GBASE-SR SFP+ V02 Multi mode Transceiver 10-2415-02
$5.00
Brand New Cisco GLC-LH-SMD 1000BASE-LX/LH SFP Module 1310nm 10km SMF LC
$13.89
10Gtek ASF-10G-T 10GBase-T 10GbE SFP+ to RJ-45 Copper Optical Transceiver Module
$35.99
LOT OF 20 Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module
$89.00
10 PCS Cisco GLC-LH-SMD 10-2625-01 1310nm SFP Transceiver Module
$85.00
|
||
No Discussions have been posted on this vulnerability. |