Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

PostgreSQL DB vulnerability announcement in amigopod

  • 1.  PostgreSQL DB vulnerability announcement in amigopod

    Posted Apr 05, 2013 05:24 AM

    Should we be expecting to see a vulnerability announcement from Aruba (and some sort of expectation of a patch) for the amigopod based on the PostgreSQL Security Update?

    http://www.postgresql.org/support/security/faq/2013-04-04/

     

    Forgive me if I have missed it.

    Many thanks,

    Jon

     



  • 2.  RE: PostgreSQL DB vulnerability announcement in amigopod

    Posted Apr 05, 2013 06:36 PM

    Note that in Amigopod 3.9.x, the PostgreSQL database is not accessible from the network.

     

    So this vulnerability, while it exists in the version of PostgreSQL currently being used, cannot be exploited from the network.

     

    Caution:  If you have enabled the "Enable remote access to the database" checkbox under Administrator » System Control » Database Config, this is a potential hole.  In this case, you should ensure that the access-control list in "Permitted Hosts" is specified, and that this ACL does not allow guests to access the database server.

     

    I'm not speaking in an official capacity here, but you should expect to see some form of patch for this vulnerability nonetheless.
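
The ACL review described in the caution above, as an added example that is not part of the original thread or of Amigopod itself. It assumes the "Permitted Hosts" entries can be read as IP addresses or CIDR networks (the field's real syntax is not shown in the thread); the function name, the guest subnet and the sample entries are constructed for illustration.

```python
import ipaddress

def audit_permitted_hosts(permitted, guest_networks):
    """Return (entry, reason) findings for ACL entries that would let
    guest addresses reach the database when remote access is enabled."""
    guests = [ipaddress.ip_network(g, strict=False) for g in guest_networks]
    findings = []
    if not permitted:
        # Remote access enabled with no ACL at all: nothing restricts clients.
        return [("<empty>", "no ACL specified while remote access is enabled")]
    for entry in permitted:
        try:
            # A bare address parses as a /32 (or /128) network.
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            # Hostnames or unknown syntax cannot be checked here.
            findings.append((entry, "not an IP address or CIDR network; review manually"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "matches every address"))
            continue
        for g in guests:
            if net.version == g.version and net.overlaps(g):
                findings.append((entry, f"overlaps guest network {g}"))
    return findings

# Constructed sample data (assumption): one guest subnet and four ACL entries.
GUEST_NETWORKS = ["192.168.50.0/24"]
SAMPLE_ACL = ["10.20.0.15", "192.168.0.0/16", "0.0.0.0/0", "db-admin"]

if __name__ == "__main__":
    for entry, reason in audit_permitted_hosts(SAMPLE_ACL, GUEST_NETWORKS):
        print(f"{entry}: {reason}")
```
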

     



  • 3.  RE: PostgreSQL DB vulnerability announcement in amigopod

    Posted Apr 08, 2013 10:56 AM

    Many thanks Dave for your prompt reply and the Host firewalling details.

    regards Jon