Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.100400
Categoría:Databases
Título:PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Resumen:PostgreSQL is prone to a security-bypass vulnerability because the; application fails to properly validate the domain name in a signed CA certificate, allowing attackers; to substitute malicious SSL certificates for trusted ones.;; PostgreSQL is also prone to a local privilege-escalation vulnerability.
Descripción:Summary:
PostgreSQL is prone to a security-bypass vulnerability because the
application fails to properly validate the domain name in a signed CA certificate, allowing attackers
to substitute malicious SSL certificates for trusted ones.

PostgreSQL is also prone to a local privilege-escalation vulnerability.

Vulnerability Impact:
Successfully exploiting this issue allows attackers to perform man-in-the-
middle attacks or impersonate trusted servers, which will aid in further attacks.

Exploiting the privilege-escalation vulnerability allows local attackers to gain elevated
privileges.

Affected Software/OS:
PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and
7.4.27 are vulnerable to this issue.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: BugTraq ID: 37334
BugTraq ID: 37333
Common Vulnerability Exposure (CVE) ID: CVE-2009-4034
http://www.securityfocus.com/bid/37334
Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server (Google Search)
http://www.securityfocus.com/archive/1/509917/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html
HPdes Security Advisory: HPSBMU02781
http://marc.info/?l=bugtraq&m=134124585221119&w=2
HPdes Security Advisory: SSRT100617
http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
http://osvdb.org/61038
http://www.securitytracker.com/id?1023325
http://secunia.com/advisories/37663
SuSE Security Announcement: SUSE-SR:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://www.vupen.com/english/advisories/2009/3519
Common Vulnerability Exposure (CVE) ID: CVE-2009-4136
http://www.securityfocus.com/bid/37333
http://osvdb.org/61039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
http://www.securitytracker.com/id?1023326
http://secunia.com/advisories/39820
http://www.vupen.com/english/advisories/2010/1197
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.