Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

RHSA-2002-301: postgresql

Vulnerability Assessment Summary
Check for the version of the postgresql packages

Detailed Explanation for this Vulnerability Assessment


Updated PostgreSQL packages are available which correct
several minor security vulnerabilities.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

PostgreSQL is an advanced Object-Relational database management system
(DBMS). Red Hat Linux Advanced Server 2.1 shipped with PostgreSQL version
7.1.3 which has several security vulnerabilities.

Buffer overflows in PostgreSQL 7.2 permit attackers to cause a denial of
service and possibly execute arbitrary code via long arguments to the lpad
or rpad functions. CVE-2002-0972

Buffer overflow in the cash_words() function for PostgreSQL 7.2 and
earlier permits local users to cause a denial of service and possibly
execute arbitrary code via a malformed argument. CVE-2002-1397

Buffer overflow in the date parser for PostgreSQL before 7.2.2 permits
attackers to cause a denial of service and possibly execute arbitrary
code via a long date string, referred to as a vulnerability "in handling
long datetime input." CVE-2002-1398

Heap-based buffer overflow in the repeat() function for PostgreSQL
before 7.2.2 permits attackers to execute arbitrary code by causing
repeat() to generate a large string. CVE-2002-1400

Buffer overflows in circle_poly, path_encode, and path_add permit attackers
to cause a denial of service and possibly execute arbitrary code. Note
that these issues have been fixed in our packages and in PostgreSQL CVS,
but are not included in PostgreSQL version 7.2.2 or 7.2.3. CVE-2002-1401

Buffer overflows in the TZ and SET TIME ZONE environment variables for
PostgreSQL 7.2.1 and earlier permit local users to cause a denial of service
and possibly execute arbitrary code. CVE-2002-1402

Note that these vulnerabilities are only critical on open or shared systems
because connecting to the database is required before the vulnerabilities
can be exploited.

The PostgreSQL Global Development Team has released versions of PostgreSQL
that fix these vulnerabilities, and these fixes have been isolated and
backported into the updated 7.1.3 packages provided with this errata.
All users of Red Hat Linux Advanced Server 2.1 who use PostgreSQL are
advised to install these updated packages.




Solution : http://rhn.redhat.com/errata/RHSA-2002-301.html
Network Security Threat Level: High

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security
