Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12812
HistoryMay 25, 2006 - 12:00 a.m.

[Full-disclosure] rPSA-2006-0080-1 postgresql postgresql-server

2006-05-2500:00:00
vulners.com
5
JSON

rPath Security Advisory: 2006-0080-1
Published: 2006-05-24
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Local System User Deterministic Vulnerability
Updated Versions:
postgresql=/conary.rpath.com@rpl:devel//1/8.1.4-1-0.1
postgresql-server=/conary.rpath.com@rpl:devel//1/8.1.4-1-0.1

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314
http://bugs.rpath.com/show_bug.cgi?id=1159
http://www.postgresql.org/docs/techdocs.49
http://www.postgresql.org/docs/techdocs.50
http://developer.postgresql.org/docs/postgres/release-8-1-4.html

Description:
Previous versions of postgresql server and client libraries contain
weaknesses parsing certain character encodings (UTF-8, SJIS, BIG5,
GBK, GB18030, or UHC, but not ASCII) which, when using the vulnerable
encodings, can enable SQL injection attacks against applications
(particularly web applications) which use non-standard escaping of
quote characters.

Because vulnerable escaping of quote characters is no longer allowed,
some existing applications may not function correctly when used with
the new release of postgresql.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Related

nessus 16
osv 1
securityvulns 1
openvas 4
gentoo 1
fedora 1
freebsd 1
ubuntu 3
debian 1
suse 1
centos 1
cve 3
prion 3
redhat 1
debiancve 1
postgresql 2
ubuntucve 2
nessus
nessus
Debian DSA-1087-1 : postgresql - programming error
2006-10-14 00:00:00
Fedora 7 : php-pear-DB-1.7.11-1.fc7 (2007-0249)
2007-11-06 00:00:00
openSUSE 10 Security Update : postgresql (postgresql-1443)
2007-10-17 00:00:00
osv
osv
postgresql - programming error
2006-06-03 00:00:00
securityvulns
securityvulns
PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15
2006-05-26 00:00:00
openvas
openvas
Debian Security Advisory DSA 1087-1 (postgresql)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200607-04 (postgresql)
2008-09-24 00:00:00
FreeBSD Ports: postgresql, postgresql-server, ja-postgresql
2008-09-04 00:00:00
gentoo
gentoo
PostgreSQL: SQL injection
2006-07-09 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: php-pear-DB-1.7.11-1.fc7
2007-06-06 16:42:53
freebsd
freebsd
postgresql -- encoding based SQL injection
2006-05-11 00:00:00
ubuntu
ubuntu
PostgreSQL server/client vulnerabilities
2006-05-29 00:00:00
PostgreSQL server/client vulnerabilities
2006-06-09 00:00:00
PostgreSQL client vulnerabilities
2006-06-09 00:00:00
debian
debian
[SECURITY] [DSA 1087-1] New PostgreSQL packages fix encoding vulnerabilities
2006-06-03 07:52:06
suse
suse
remote code execution in postgresql
2006-06-09 14:03:55
centos
centos
postgresql, rh security update
2006-05-23 21:38:04
cve
cve
CVE-2006-2824
2006-06-05 17:02:00
CVE-2006-2314
2006-05-24 10:06:00
CVE-2006-2313
2006-05-24 10:06:00
prion
prion
Design/Logic Flaw
2006-06-05 17:02:00
Sql injection
2006-05-24 10:06:00
Sql injection
2006-05-24 10:06:00
redhat
redhat
(RHSA-2006:0526) postgresql security update
2006-05-23 00:00:00
debiancve
debiancve
CVE-2006-2314
2006-05-24 10:06:00
postgresql
postgresql
Vulnerability in core server (CVE-2006-2314)
2006-05-24 10:06:00
Vulnerability in core server (CVE-2006-2313)
2006-05-24 10:06:00
ubuntucve
ubuntucve
CVE-2006-2314
2006-05-24 00:00:00
CVE-2006-2313
2006-05-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:12812
nessus16osv1securityvulns1openvas4gentoo1fedora1freebsd1ubuntu3debian1suse1centos1cve3prion3redhat1debiancve1postgresql2ubuntucve2