Computer Security
[EN] securityvulns.ru no-pyccku


PostgreSQL security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12414
Type:library
Threat Level:
5/10
Description:DoS, weak crypt() implementation.
Affected:POSTGRES : PostgreSQL 8.4
CVE:CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.)
 CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2491-1] postgresql-8.4 security update (13.06.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod