Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в PostgreSQL
Опубликовано:8 апреля 2013 г.
Источник:
SecurityVulns ID:12985
Тип:удаленная
Уровень опасности:
5/10
Описание:DoS, слабый PRNG, повышение привилегий.
Затронутые продукты:POSTGRES : PostgreSQL 8.4
 POSTGRES : PostgreSQL 9.1
 POSTGRES : PostgreSQL 9.2
CVE:CVE-2013-1901 (PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.)
 CVE-2013-1900 (PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions.")
 CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).)
Оригинальный текстdocumentUBUNTU, [USN-1789-1] PostgreSQL vulnerabilities (08.04.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород