Re: Tenable Report Issue even after upgrading to correct Postgres version

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Kishore Isaac <k(dot)isaac(at)loccioni(dot)com>
Cc: Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: Tenable Report Issue even after upgrading to correct Postgres version
Date: 2021-11-16 09:11:05
Message-ID: CA+OCxoytG6UfT=huSwLEgVaPW0X4izGq_kcTQsQfrJf-0LrnYA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Hi

On Mon, Nov 15, 2021 at 8:59 PM Kishore Isaac <k(dot)isaac(at)loccioni(dot)com> wrote:

> Hi Dave,
>
>
>
> Thanks for your response, is it possible to include the screenshots
> Sandeep sent?
>

Include them in what? They're already on his email and in the mailing list
archives. I don't understand what you're asking for.

>
>
> Appreciate your help,
>
>
>
> *Kishore Isaac*
>
>
>
>
>
> Phone 301 477 7048
>
> Web www.loccioni.com
>
> ________________________________________
>
> PRIVACY
>
> According to International Privacy Laws the information contained in this
> message is confidential and of exclusive use of the addressee(s). Should
> you receive this message by mistake, please delete it and send a written
> communication to privacy(at)loccioni(dot)com
>
> Please consider the environment before printing this email
>
>
>
> *From:* Dave Page <dpage(at)pgadmin(dot)org>
> *Sent:* Monday, November 15, 2021 5:13 AM
> *To:* Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com>
> *Cc:* David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>; Bruce Momjian <
> bruce(at)momjian(dot)us>; Kishore Isaac <k(dot)isaac(at)loccioni(dot)com>;
> pgsql-bugs(at)lists(dot)postgresql(dot)org
> *Subject:* Re: Tenable Report Issue even after upgrading to correct
> Postgres version
>
>
>
>
>
>
>
> On Mon, Nov 15, 2021 at 10:05 AM Sandeep Thakkar <
> sandeep(dot)thakkar(at)enterprisedb(dot)com> wrote:
>
> Hi,
>
>
>
> I installed v12.2-4 on my Windows VM, launched StackBuilder and upgraded
> to version v12.9-1 (the latest stable release) and the registry entry was
> updated. I've attached the screenshots.
>
>
>
>
>
> Please also note that Tenable should really *not* be checking what version
> is installed in this way, as that info is intended for the installer (and
> pgAdmin, and other similar apps) for internal use and non-security related
> service discovery. It is easily possible for a user to update parts of the
> PostgreSQL installation without changing that registry value, e.g. by
> unpacking the zipped binary distribution over an existing installation.
>
>
>
> Any security scanner worth it's salt should be examining the VERSIONINFO
> resource in postgres.exe to see what is actually installed (or connecting
> to the database server and asking it, but that might be harder).
>
>
>
> --
>
> Dave Page
> Blog: https://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EDB: https://www.enterprisedb.com
>

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message Erki Eessaar 2021-11-16 11:14:39 Re: References to parameters by name are lost in INSERT INTO ... SELECT <parameter value> .... statements in case of routines with the SQL-standard function body
Previous Message Stanisław Kodzis 2021-11-16 08:34:33 Postgres14.1 bug with pg_restore and repmgr