HD Moore, the creator of Metasploit, has added a new PostgreSQL scanner auxiliary module to the Framework. A few weeks ago, one of the worst security vulnerabilities to date in PostgreSQL was discovered. This module can identify PostgreSQL 9.0, 9.1, and 9.2 servers that are vulnerable to command-line flag injection (CVE-2013-1899). Exploitation can lead to denial of service, privilege escalation, or even arbitrary code execution. Any system that allows unrestricted access to the PostgreSQL network port, such as users running PostgreSQL on a public cloud, is especially vulnerable. Users whose servers are only accessible on protected internal networks, or who have effective firewalling or other network access restrictions, are less vulnerable.
April 4, 2013, 11:03 pm by