From bad97a70c4fe15fdc49ecb89d6da141f18d9efc7 Mon Sep 17 00:00:00 2001
From: William Vu
Date: Mon, 1 Apr 2019 15:21:57 -0500
Subject: [PATCH] Land #11636, postgres_createlang version check fix
---
 .../multi/postgres/postgres_createlang.rb | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/modules/exploits/multi/postgres/postgres_createlang.rb b/modules/exploits/multi/postgres/postgres_createlang.rb
index f403cf14d1..aac5818226 100644
--- a/modules/exploits/multi/postgres/postgres_createlang.rb
+++ b/modules/exploits/multi/postgres/postgres_createlang.rb
@@ -57,26 +57,24 @@ class MetasploitModule < Msf::Exploit::Remote
 deregister_options('SQL', 'RETURN_ROWSET', 'VERBOSE')
 end
- def postgres_major_version(version)
- version_match = version.match(/(?\w{10})\s(?\d{1,2})\.(?\d{1,2})\.(?\d{1,2})/)
- version_match['major_version']
- end
-
 def check
- if vuln_version?
- Exploit::CheckCode::Appears
- else
- Exploit::CheckCode::Safe
- end
+ vuln_version? ? CheckCode::Appears : CheckCode::Safe
 end
 def vuln_version?
 version = postgres_fingerprint
- if version[:auth]
- major_version = postgres_major_version(version[:auth])
- return true if major_version && major_version.to_i >= 8
+
+ return unless version[:auth]
+
+ vprint_status version[:auth].to_s
+
+ version_full = version[:auth].to_s.scan(/^PostgreSQL ([\d\.]+)/i).flatten.first
+
+ if Gem::Version.new(version_full) >= Gem::Version.new('8.0')
+ return true
+ else
+ return false
 end
- false
 end
 def login_success?
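Review bot: In `vuln_version?`, `version_full` is nil whenever the banner in `version[:auth]` does not match `/^PostgreSQL ([\d\.]+)/i`, and that nil is passed straight to `Gem::Version.new`. As far as I can tell RubyGems either coerces nil to an empty version or rejects it, depending on its release, so an unparsed banner ends up reported as `CheckCode::Safe` or surfaces as an exception instead of as an undetermined result. The `return unless version[:auth]` path has the same effect, since `check` maps the nil to `Safe` although no version was read. I would add `return unless version_full` after the scan and have `check` return `CheckCode::Unknown` for the nil case, so the check does not give false assurance about a server it could not identify. The closing `if … return true else return false end` can also be reduced to `Gem::Version.new(version_full) >= Gem::Version.new('8.0')`.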