Информационная безопасность
[RU] switch to English


Уязвимости безопасности в PostgreSQL
Опубликовано:13 июня 2012 г.
Источник:
SecurityVulns ID:12414
Тип:библиотека
Уровень опасности:
5/10
Описание:Слабая реазлизация crypt(), DoS.
Затронутые продукты:POSTGRES : PostgreSQL 8.4
CVE:CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.)
 CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2491-1] postgresql-8.4 security update (13.06.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород