Test ID: | 1.3.6.1.4.1.25623.1.0.100400 |
Category: | Databases |
Title: | PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability |
Summary: | PostgreSQL is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. PostgreSQL is also prone to a local privilege-escalation vulnerability. |
Description: | Summary: PostgreSQL is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. PostgreSQL is also prone to a local privilege-escalation vulnerability. Vulnerability Impact: Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Exploiting the privilege-escalation vulnerability allows local attackers to gain elevated privileges. Affected Software/OS: PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and 7.4.27 are vulnerable to this issue. Solution: Updates are available. Please see the references for more information. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross Reference: |
BugTraq ID: 37334
BugTraq ID: 37333
Common Vulnerability Exposure (CVE) ID: CVE-2009-4034
http://www.securityfocus.com/bid/37334
Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server
http://www.securityfocus.com/archive/1/509917/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html
HPdes Security Advisory: HPSBMU02781
http://marc.info/?l=bugtraq&m=134124585221119&w=2
HPdes Security Advisory: SSRT100617
http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
http://osvdb.org/61038
http://www.securitytracker.com/id?1023325
http://secunia.com/advisories/37663
SuSE Security Announcement: SUSE-SR:2010:001
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://www.vupen.com/english/advisories/2009/3519
Common Vulnerability Exposure (CVE) ID: CVE-2009-4136
http://www.securityfocus.com/bid/37333
http://osvdb.org/61039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://www.securitytracker.com/id?1023326
http://secunia.com/advisories/39820
http://www.vupen.com/english/advisories/2010/1197 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |