RE: Tenable Report Issue even after upgrading to correct Postgres version

From: Kishore Isaac <k(dot)isaac(at)loccioni(dot)com>
To: Dave Page <dpage(at)pgadmin(dot)org>, Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
Cc: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: RE: Tenable Report Issue even after upgrading to correct Postgres version
Date: 2021-11-15 20:59:41
Message-ID: a841ecddee93431d9db48608f448b12a@GL-EXCHANGE02.loccioni.com
Lists: pgsql-bugs

Hi Dave,

Thanks for your response. Is it possible to include the screenshots Sandeep sent?

Appreciate your help,

Kishore Isaac

Phone 301 477 7048
Web www.loccioni.com

From: Dave Page <dpage(at)pgadmin(dot)org>
Sent: Monday, November 15, 2021 5:13 AM
To: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
Cc: David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>; Bruce Momjian <bruce(at)momjian(dot)us>; Kishore Isaac <k(dot)isaac(at)loccioni(dot)com>; pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: Tenable Report Issue even after upgrading to correct Postgres version

On Mon, Nov 15, 2021 at 10:05 AM Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:
Hi,

I installed v12.2-4 on my Windows VM, launched StackBuilder and upgraded to version v12.9-1 (the latest stable release) and the registry entry was updated. I've attached the screenshots.

Please also note that Tenable should really *not* be checking what version is installed in this way, as that info is intended for the installer (and pgAdmin, and other similar apps) for internal use and non-security related service discovery. It is easily possible for a user to update parts of the PostgreSQL installation without changing that registry value, e.g. by unpacking the zipped binary distribution over an existing installation.

Any security scanner worth its salt should be examining the VERSIONINFO resource in postgres.exe to see what is actually installed (or connecting to the database server and asking it, but that might be harder).

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com
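
The check described in the message above, as an added example that is not part of the original thread and is not code from Tenable, pgAdmin or the installer: it reads the version recorded in the registry and the VERSIONINFO resource of postgres.exe and reports whether they agree. The thread does not give the registry key or value name, so all three locations are parameters you must supply; the function name and the version-string normalization are assumptions of this example.

```powershell
# Added example. The registry key path and value name are not stated in the thread:
# pass the ones your installation actually uses.
function Compare-PostgresVersionSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $RegistryKeyPath,   # key the installer writes to
        [Parameter(Mandatory)] [string] $VersionValueName,  # version value under that key
        [Parameter(Mandatory)] [string] $PostgresExePath    # full path to postgres.exe
    )

    # Assumption: both sources start with a dotted number (for example '12.9-1' and '12.9').
    function Get-LeadingVersion([string] $Text) {
        if ($Text -match '^\s*v?(\d+(?:\.\d+)*)') { return $Matches[1] }
        return $null
    }

    # Source 1: what the installer recorded (can go stale if binaries are replaced by hand).
    $registryRaw = $null
    try {
        $item = Get-ItemProperty -LiteralPath $RegistryKeyPath -Name $VersionValueName -ErrorAction Stop
        $registryRaw = $item.$VersionValueName
    } catch {
        Write-Verbose "Registry value not readable: $_"
    }

    # Source 2: what is actually on disk, from the executable's VERSIONINFO resource.
    $binaryRaw = $null
    if (Test-Path -LiteralPath $PostgresExePath -PathType Leaf) {
        $binaryRaw = (Get-Item -LiteralPath $PostgresExePath).VersionInfo.ProductVersion
    }

    $registryVersion = Get-LeadingVersion $registryRaw
    $binaryVersion   = Get-LeadingVersion $binaryRaw

    if (-not $binaryVersion)                        { $status = 'BinaryVersionUnavailable' }
    elseif (-not $registryVersion)                  { $status = 'RegistryVersionUnavailable' }
    elseif ($registryVersion -eq $binaryVersion)    { $status = 'Match' }
    else                                            { $status = 'Mismatch' }

    [pscustomobject]@{
        RegistryRaw     = $registryRaw
        BinaryRaw       = $binaryRaw
        RegistryVersion = $registryVersion
        BinaryVersion   = $binaryVersion   # treat this one as authoritative for patch level
        Status          = $status
    }
}
```

A `Mismatch` result is the situation described in the message: the registry value no longer reflects the binaries that are installed, so a finding based on it alone needs to be re-checked against the executable.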
