##############################################################################
#
#  PostgreSQL Denial of Service Vulnerabilities (Windows)
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2006/10/27
#
#  $Revision: 1.1 $
#
#  $Log: os2a_postgresql_dos_win_608046.nasl,v $
#  Revision 1.1  2006/10/27 13:09:08  shraddha
#  To Production Issue #3171
#
#  Revision 1.3  2006/10/27 11:26:34  schandan
#  Issue #3171
#
#  Revision 1.2  2006/10/27 11:17:37  vnkbabu
#  Issue #3171
#
#  Revision 1.1  2006/10/27 09:40:56  vnkbabu
#  Issue #3171
#
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details. This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author. Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################


if(description)
{
 script_id(608046);
 script_bugtraq_id(20717);
 script_copyright(english:"Copyright (C) 2006 OS2A");
 script_version("$Revision: 1.1 $");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Denial of Service");
 script_name(english:"PostgreSQL Denial of Service Vulnerabilities (Windows)");
 script_summary(english:"Check for PostgreSQL version");
 desc["english"] = "
 Overview : This host has PostgreSQL installed, which is prone to denial of
 service vulnerabilities.

 These flaws exist due to,
 - an error when converting certain literals into ANYARRAY.
 - an error in the handling of aggregate functions in UPDATE statements.
 - an error when logging certain V3-protocol execute messages of ROLLBACK or
   COMMIT statements.

 Impact : Successful exploitation could lead attackers to crash server process.

 Scope of impact is limited to the application level.

 Affected Product : PostgreSQL Version 7.3.x - 7.3.15
 		    PostgreSQL Version 7.4.x - 7.4.13
		    PostgreSQL Version 8.0.x - 8.0.8
 		    PostgreSQL Version 8.1.x - 8.1.4

 Affected Platform : Any system running the affected software.

 Solution : Update to version 8.1.5 / 8.0.9 / 7.4.14 / 7.3.16,
            http://www.postgresql.org/download

 References : http://secunia.com/advisories/22562/
 	      http://projects.commandprompt.com/public/pgsql/changeset/26457
 	      http://projects.commandprompt.com/public/pgsql/changeset/25504
              http://projects.commandprompt.com/public/pgsql/changeset/25953

 CVSS Score : 
	 CVSS Base Score     : 2.1 (AV:L/AC:L/Au:R/C:N/I:N/A:C/B:A)
	 CVSS Temporal Score : 1.6
 Risk factor : Low";
 script_description(english:desc["english"]);
 script_dependencies("smb_hotfixes.nasl",
                     "os2a_postgresql_version_win_601226.nasl");
 script_require_keys("SMB/WindowsVersion", "PostgreSQL/Windows/Version");
 exit(0);
}


 if(!get_kb_item("SMB/WindowsVersion")){
        exit(0);
 }

 pgsqlVer = get_kb_item("PostgreSQL/Windows/Version");
 if(pgsqlVer)
 {
        if(egrep(pattern:"^(7\.(3(\.[0-9]|\.1[0-5])?|4(\.[0-9]|\.1[0-3])?)|" +
			 "8\.(0(\.[0-8])?|1(\.[0-4])?))$",
		 string:pgsqlVer)){
                security_warning(0);
        }
 }