Computer Security
[EN] securityvulns.ru no-pyccku


PostgreSQL multiple security vulnerabilities
Published:08.04.2013
Source:
SecurityVulns ID:12985
Type:remote
Threat Level:
5/10
Description:DoS, weak PRNG, privilege escalation.
Affected:POSTGRES : PostgreSQL 8.4
 POSTGRES : PostgreSQL 9.1
 POSTGRES : PostgreSQL 9.2
CVE:CVE-2013-1901 (PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.)
 CVE-2013-1900 (PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions.")
 CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).)
Original documentdocumentUBUNTU, [USN-1789-1] PostgreSQL vulnerabilities (08.04.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod