Sun Alert 270408 Security Vulnerabilities in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS) or Privilege Escalation

Exploits:

font size: decrease font size increase font size
Rate this article
View Comments
Related content

Product: Solaris 10, OpenSolaris Security vulnerabilities affecting the PostgreSQL software shipped with Solaris may allow an authenticated PostgreSQL user to cause a denial of service (DoS) to the PostgreSQL server by "re-LOAD-ing" libraries from a certain plugins directory. However, the PostgreSQL versions shipped with Solaris do not include any plugins. In addition, an issue with the privileges for RESET ROLE and RESET SESSION AUTHORIZATION operations may allow any authenticated users to gain extra privileges. These issues are described in the ...

Product: Solaris 10, OpenSolaris

Security vulnerabilities affecting the PostgreSQL software shipped with Solaris may allow an authenticated PostgreSQL user to cause a denial of service (DoS) to the PostgreSQL server by "re-LOAD-ing" libraries from a certain plugins directory. However, the PostgreSQL versions shipped with Solaris do not include any plugins. In addition, an issue with the privileges for RESET ROLE and RESET SESSION AUTHORIZATION operations may allow any authenticated users to gain extra privileges.

These issues are described in the following documents:

Official PostgreSQL announcement at: http://www.postgresql.org/about/news.1135
CVE-2009-3229 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3229
CVE-2009-3230 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230

Note: PostgreSQL is not compiled with LDAP support on Solaris. Solaris is not affected with CVE-2009-3231.

State: Workaround

First released: 26-Oct-2009

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1

Read Full Article

Written on Wednesday, 28 October 2009 19:00 by

Viewed 17 times so far.
Like this? Tweet it to your followers!

Published in Subscribe to the RSS feed of Network Security & Hacking News Network Security & Hacking News / Subscribe to the RSS feed of Global Security News Global Security News

Like this? Let your friends know now!

Rate this article

Latest articles from

New York Tests Xbox-Based Emergency Alert System posted on Friday, 20 November 2009 13:07
An interesting concept is currently being tested in New York. Gamers used to confronting invading…
NC Reports Tamiflu Resistant Cases of Swine Flu posted on Friday, 20 November 2009 13:12
Not a good sign in the fight against Swine Flu. Health officials say four people…
Vuln: eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability posted on Friday, 20 November 2009 11:00
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
Fly for $1 or Your Money Back! posted on Friday, 20 November 2009 12:07
It is the time of year to get together with family and friends, and that…
U.S. Reviews Air Defenses to Thwart Terror From Skies posted on Friday, 20 November 2009 12:38
I'm not sure how one can ever place a price tag on preventing another 9/11or…

Latest 'tweets' from GovernmentSecurity

News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38

blog comments powered by Disqus

back to top