ID E7BC5600-EAA0-11DE-BD9C-00215C6A37BB Type freebsd Reporter FreeBSD Modified 2009-11-20T00:00:00
Description
PostgreSQL project reports:
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly handle a '\0' character
in a domain name in the subject's Common Name (CN) field of an
X.509 certificate, which (1) allows man-in-the-middle attackers
to spoof arbitrary SSL-based PostgreSQL servers via a crafted
server certificate issued by a legitimate Certification Authority,
and (2) allows remote attackers to bypass intended client-hostname
restrictions via a crafted client certificate issued by a legitimate
Certification Authority, a related issue to CVE-2009-2408.
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly manage session-local
state during execution of an index function by a database
superuser, which allows remote authenticated users to gain
privileges via a table with crafted index functions, as
demonstrated by functions that modify (1) search_path or
(2) a prepared statement, a related issue to CVE-2007-6600
and CVE-2009-3230.
{"reporter": "FreeBSD", "published": "2009-11-20T00:00:00", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "title": "postgresql -- multiple vulnerabilities", "objectVersion": "1.2", "type": "freebsd", "hash": "852e13c8e17c6c837be43c788ad009a2ead0394eefda66f43f3f43134584d2f1", "href": "https://vuxml.freebsd.org/freebsd/e7bc5600-eaa0-11de-bd9c-00215c6a37bb.html", "bulletinFamily": "unix", "hashmap": [{"hash": "cd4e391b51894ae93d0edf4b6a516339", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "42a2d49add379e74e5c6d4f2d78e46aa", "key": "cvelist"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "d57fdf9663b1f21f3d71ab16216e03cd", "key": "description"}, {"hash": "b23cdf87f527a1184c3bb8d83fab7399", "key": "href"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "e723dd6bd11a0bf4d36aa8e24c09d2a0", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "history": [], "enchantments": {"vulnersScore": 7.5}, "modified": "2009-11-20T00:00:00", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.4.27", "operator": "lt", "packageName": "postgresql-server", "arch": "noarch", "packageFilename": "UNKNOWN"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.4", "operator": "eq", "packageName": "postgresql-server", "arch": "noarch", "packageFilename": "UNKNOWN"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.4", "operator": "eq", "packageName": "postgresql-client", "arch": "noarch", "packageFilename": "UNKNOWN"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.4.27", "operator": "lt", "packageName": "postgresql-client", "arch": "noarch", "packageFilename": "UNKNOWN"}], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "viewCount": 0, "edition": 1, "description": "\nPostgreSQL project reports:\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly handle a '\\0' character\n\t in a domain name in the subject's Common Name (CN) field of an\n\t X.509 certificate, which (1) allows man-in-the-middle attackers\n\t to spoof arbitrary SSL-based PostgreSQL servers via a crafted\n\t server certificate issued by a legitimate Certification Authority,\n\t and (2) allows remote attackers to bypass intended client-hostname\n\t restrictions via a crafted client certificate issued by a legitimate\n\t Certification Authority, a related issue to CVE-2009-2408.\n\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly manage session-local\n\t state during execution of an index function by a database\n\t superuser, which allows remote authenticated users to gain\n\t privileges via a table with crafted index functions, as\n\t demonstrated by functions that modify (1) search_path or\n\t (2) a prepared statement, a related issue to CVE-2007-6600\n\t and CVE-2009-3230.\n\n", "references": [], "id": "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB", "lastseen": "2016-09-26T17:24:50"}
{"result": {"cve": [{"id": "CVE-2009-4034", "type": "cve", "title": "CVE-2009-4034", "description": "PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "published": "2009-12-15T13:30:01", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4034", "cvelist": ["CVE-2009-4034"], "lastseen": "2016-09-03T13:03:45"}, {"id": "CVE-2009-4136", "type": "cve", "title": "CVE-2009-4136", "description": "PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.", "published": "2009-12-15T13:30:01", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4136", "cvelist": ["CVE-2009-4136"], "lastseen": "2017-09-19T13:36:43"}], "postgresql": [{"id": "POSTGRESQL:CVE-2009-4034", "type": "postgresql", "title": "Vulnerability in core server (CVE-2009-4034)", "description": "NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue.", "published": "2009-12-15T13:30:01", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.postgresql.org/support/security/8.4/", "cvelist": ["CVE-2009-4034"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2009-4136", "type": "postgresql", "title": "Vulnerability in core server (CVE-2009-4136)", "description": "Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (below).", "published": "2009-12-15T13:30:01", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.postgresql.org/support/security/8.4/", "cvelist": ["CVE-2009-4136"], "lastseen": "2018-02-15T15:10:41"}], "seebug": [{"id": "SSV:15154", "type": "seebug", "title": "PostgreSQL CA SSL\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e", "description": "BUGTRAQ ID: 37334\r\nCVE ID: CVE-2009-4034\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1X.509\u8bc1\u4e66\u4e3b\u9898\u7684\u901a\u7528\u540d\u79f0\uff08CN\uff09\u5b57\u7b26\u7684\u57df\u540d\u4e2d\u7684\u7a7a\u5b57\u7b26\uff08\\0\uff09\uff0c\u5728\u5904\u7406\u5305\u542b\u6709\u7a7a\u5b57\u7b26\u7684\u8bc1\u4e66\u5b57\u6bb5\u65f6\u9519\u8bef\u5730\u5c06\u7a7a\u5b57\u7b26\u5904\u7406\u4e3a\u622a\u6b62\u5b57\u7b26\uff0c\u56e0\u6b64\u53ea\u4f1a\u9a8c\u8bc1\u7a7a\u5b57\u7b26\u524d\u7684\u90e8\u5206\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u7684\u540d\u79f0\uff1a\r\n\r\n example.com\\0.haxx.se\r\n\r\n\u8bc1\u4e66\u662f\u53d1\u5e03\u7ed9haxx.se\u7684\uff0c\u4f46PostgreSQL\u9519\u8bef\u7684\u9a8c\u8bc1\u7ed9example.com\uff0c\u8fd9\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5408\u6cd5CA\u6240\u53d1\u5e03\u7684\u7279\u5236\u670d\u52a1\u5668\u8bc1\u4e66\u4f2a\u9020\u6210\u4e3a\u4efb\u610f\u57fa\u4e8eSSL\u7684PostgreSQL\u670d\u52a1\u5668\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u6216\u7ed5\u8fc7\u9884\u671f\u7684\u5ba2\u6237\u7aef-\u4e3b\u673a\u540d\u9650\u5236\u3002\n\nPostgreSQL PostgreSQL 8.4.x\r\nPostgreSQL PostgreSQL 8.3.x\r\nPostgreSQL PostgreSQL 8.2.x\r\nPostgreSQL PostgreSQL 8.1.x\r\nPostgreSQL PostgreSQL 8.0.x\r\nPostgreSQL PostgreSQL 7.4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.postgresql.org/about/news.1170\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-6909139\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-6909139\uff1aSecurity Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections\r\n\u94fe\u63a5\uff1ahttp://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1", "published": "2009-12-29T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-15154", "cvelist": ["CVE-2009-4034"], "lastseen": "2017-11-19T18:28:18"}, {"id": "SSV:15096", "type": "seebug", "title": "PostgreSQL\u7a7a\u5b57\u7b26CA SSL\u6574\u6570\u6821\u9a8c\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "description": "Bugraq ID: 37334\r\nCVE ID\uff1aCVE-2009-4034\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\u5904\u7406\u90e8\u5206\u8bc1\u4e66\u5b57\u6bb5\u4e2d\u5d4c\u5165\u7a7a\u5b57\u7b26\u7684SSL\u8bc1\u4e66\u5b58\u5728\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4f2a\u9020\u8bc1\u4e66\uff0c\u8fdb\u884c\u4e2d\u95f4\u4eba\u7b49\u653b\u51fb\u3002\r\nSSL\u8bc1\u4e66\u4e2d\u7684\u7a7a\u5b57\u7b26\u53ef\u7528\u4e8e\u4f2a\u9020\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u7aef\u9a8c\u8bc1\uff0c\u53ea\u5f71\u54cd\u542f\u7528\u4e86SSL\uff0c\u6267\u884c\u8bc1\u4e66\u540d\u6821\u9a8c\u6216\u5ba2\u6237\u7aef\u8bc1\u4e66\u9a8c\u8bc1\uff0c\u800c\u5176CA\u5df2\u7ecf\u88ab\u8bf1\u9a97\u53d1\u5e03\u4e86\u975e\u6cd5\u8bc1\u4e66\u7684\u7528\u6237\u3002\n\nPostgreSQL PostgreSQL 8.4.1 \r\nPostgreSQL PostgreSQL 8.3.8 \r\nPostgreSQL PostgreSQL 8.3.6 \r\nPostgreSQL PostgreSQL 8.2.14 \r\nPostgreSQL PostgreSQL 8.2.6 \r\nPostgreSQL PostgreSQL 8.2.4 \r\nPostgreSQL PostgreSQL 8.2.3 \r\nPostgreSQL PostgreSQL 8.2.2 \r\nPostgreSQL PostgreSQL 8.2 \r\nPostgreSQL PostgreSQL 8.1.18 \r\nPostgreSQL PostgreSQL 8.1.11 \r\nPostgreSQL PostgreSQL 8.1.9 \r\nPostgreSQL PostgreSQL 8.1.8 \r\nPostgreSQL PostgreSQL 8.1.5 \r\nPostgreSQL PostgreSQL 8.1.4 \r\nPostgreSQL PostgreSQL 8.1.3 \r\nPostgreSQL PostgreSQL 8.1.1 \r\nPostgreSQL PostgreSQL 8.0.22 \r\nPostgreSQL PostgreSQL 8.0.15 \r\nPostgreSQL PostgreSQL 8.0.13 \r\nPostgreSQL PostgreSQL 8.0.9 \r\nPostgreSQL PostgreSQL 8.0.8 \r\nPostgreSQL PostgreSQL 8.0.7 \r\nPostgreSQL PostgreSQL 8.0.5 \r\nPostgreSQL PostgreSQL 8.0.4 \r\nPostgreSQL PostgreSQL 8.0.3 \r\nPostgreSQL PostgreSQL 8.0.2 \r\nPostgreSQL PostgreSQL 8.0.1 \r\nPostgreSQL PostgreSQL 8.0 \r\nPostgreSQL PostgreSQL 7.4.26 \r\nPostgreSQL PostgreSQL 7.4.19 \r\nPostgreSQL PostgreSQL 7.4.17 \r\nPostgreSQL PostgreSQL 7.4.14 \r\nPostgreSQL PostgreSQL 7.4.13 \r\nPostgreSQL PostgreSQL 7.4.12 \r\nPostgreSQL PostgreSQL 7.4.11 \r\nPostgreSQL PostgreSQL 7.4.10 \r\nPostgreSQL PostgreSQL 7.4.9 \r\nPostgreSQL PostgreSQL 7.4.8 \r\nPostgreSQL PostgreSQL 7.4.7 \r\nPostgreSQL PostgreSQL 7.4.6 \r\nPostgreSQL PostgreSQL 7.4.5 \r\nPostgreSQL PostgreSQL 7.4.4 \r\nPostgreSQL PostgreSQL 7.4.3 \r\nPostgreSQL PostgreSQL 7.4.2 \r\nPostgreSQL PostgreSQL 7.4.1 \r\nPostgreSQL PostgreSQL 7.4 \r\nPostgreSQL PostgreSQL 8.4\r\nPostgreSQL PostgreSQL 8.3\r\nPostgreSQL PostgreSQL 8.1.7\r\nPostgreSQL PostgreSQL 8.0.11\r\nPostgreSQL PostgreSQL 7.4.16\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.postgresql.org/about/news.1170", "published": "2009-12-17T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-15096", "cvelist": ["CVE-2009-4034"], "lastseen": "2017-11-19T18:25:04"}, {"id": "SSV:15153", "type": "seebug", "title": "PostgreSQL\u7d22\u5f15\u529f\u80fd\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "description": "BUGTRAQ ID: 37333\r\nCVE ID: CVE-2009-4136\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u5728\u6267\u884c\u6570\u636e\u5e93\u8d85\u7ea7\u7528\u6237\u7684\u7d22\u5f15\u529f\u80fd\u671f\u95f4\u6ca1\u6709\u6b63\u786e\u5730\u7ba1\u7406session-local\u72b6\u6001\uff0c\u8fd9\u5141\u8bb8\u901a\u8fc7\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5e26\u6709\u7279\u5236\u7d22\u5f15\u529f\u80fd\u7684\u8868\u683c\u83b7\u5f97\u6743\u9650\u63d0\u5347\u3002\n\nPostgreSQL PostgreSQL 8.4.x\r\nPostgreSQL PostgreSQL 8.3.x\r\nPostgreSQL PostgreSQL 8.2.x\r\nPostgreSQL PostgreSQL 8.1.x\r\nPostgreSQL PostgreSQL 8.0.x\r\nPostgreSQL PostgreSQL 7.4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.postgresql.org/about/news.1170\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-6909139\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-6909139\uff1aSecurity Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections\r\n\u94fe\u63a5\uff1ahttp://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1", "published": "2009-12-29T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-15153", "cvelist": ["CVE-2009-4136"], "lastseen": "2017-11-19T18:18:01"}, {"id": "SSV:15095", "type": "seebug", "title": "PostgreSQL\u7d22\u5f15\u51fd\u6570\u4f1a\u8bdd\u72b6\u6001\u4fee\u6539\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e", "description": "Bugraq ID: 37333\r\nCVE ID\uff1aCVE-2009-4136\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\u7d22\u5f15\u51fd\u6570\u4e2d\u5904\u7406\u4f1a\u8bdd\u72b6\u6001\u66f4\u6539\u5b58\u5728\u4e00\u4e2a\u9519\u8bef\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u7279\u6743\u3002\n\nPostgreSQL PostgreSQL 8.4.1 \r\nPostgreSQL PostgreSQL 8.3.8 \r\nPostgreSQL PostgreSQL 8.3.6 \r\nPostgreSQL PostgreSQL 8.2.14 \r\nPostgreSQL PostgreSQL 8.2.6 \r\nPostgreSQL PostgreSQL 8.2.4 \r\nPostgreSQL PostgreSQL 8.2.3 \r\nPostgreSQL PostgreSQL 8.2.2 \r\nPostgreSQL PostgreSQL 8.2 \r\nPostgreSQL PostgreSQL 8.1.18 \r\nPostgreSQL PostgreSQL 8.1.11 \r\nPostgreSQL PostgreSQL 8.1.9 \r\nPostgreSQL PostgreSQL 8.1.8 \r\nPostgreSQL PostgreSQL 8.1.5 \r\nPostgreSQL PostgreSQL 8.1.4 \r\nPostgreSQL PostgreSQL 8.1.3 \r\nPostgreSQL PostgreSQL 8.1.1 \r\nPostgreSQL PostgreSQL 8.0.22 \r\nPostgreSQL PostgreSQL 8.0.15 \r\nPostgreSQL PostgreSQL 8.0.13 \r\nPostgreSQL PostgreSQL 8.0.9 \r\nPostgreSQL PostgreSQL 8.0.8 \r\nPostgreSQL PostgreSQL 8.0.7 \r\nPostgreSQL PostgreSQL 8.0.5 \r\nPostgreSQL PostgreSQL 8.0.4 \r\nPostgreSQL PostgreSQL 8.0.3 \r\nPostgreSQL PostgreSQL 8.0.2 \r\nPostgreSQL PostgreSQL 8.0.1 \r\nPostgreSQL PostgreSQL 8.0 \r\nPostgreSQL PostgreSQL 7.4.26 \r\nPostgreSQL PostgreSQL 7.4.19 \r\nPostgreSQL PostgreSQL 7.4.17 \r\nPostgreSQL PostgreSQL 7.4.14 \r\nPostgreSQL PostgreSQL 7.4.13 \r\nPostgreSQL PostgreSQL 7.4.12 \r\nPostgreSQL PostgreSQL 7.4.11 \r\nPostgreSQL PostgreSQL 7.4.10 \r\nPostgreSQL PostgreSQL 7.4.9 \r\nPostgreSQL PostgreSQL 7.4.8 \r\nPostgreSQL PostgreSQL 7.4.7 \r\nPostgreSQL PostgreSQL 7.4.6 \r\nPostgreSQL PostgreSQL 7.4.5 \r\nPostgreSQL PostgreSQL 7.4.4 \r\nPostgreSQL PostgreSQL 7.4.3 \r\nPostgreSQL PostgreSQL 7.4.2 \r\nPostgreSQL PostgreSQL 7.4.1 \r\nPostgreSQL PostgreSQL 7.4 \r\nPostgreSQL PostgreSQL 8.4\r\nPostgreSQL PostgreSQL 8.3\r\nPostgreSQL PostgreSQL 8.1.7\r\nPostgreSQL PostgreSQL 8.0.11\r\nPostgreSQL PostgreSQL 7.4.16\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.postgresql.org/about/news.1170", "published": "2009-12-17T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-15095", "cvelist": ["CVE-2009-4136"], "lastseen": "2017-11-19T18:25:04"}, {"id": "SSV:15097", "type": "seebug", "title": "Ruby on Rails 'protect_from_forgery'\u8de8\u7ad9\u811a\u672c\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e", "description": "Bugraq ID: 37322\r\nCVE ID\uff1aCVE-2009-4136\r\n\r\nRuby on Rails\u662f\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\uff0c\u6784\u5efa\u5728Ruby\u8bed\u8a00\u4e4b\u4e0a\u3002\r\nRuby on Rails 'protect_from_forgery'\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u90e8\u5206\u7ba1\u7406\u5458\u64cd\u4f5c\uff0c\u83b7\u5f97\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u672a\u6388\u6743\u8bbf\u95ee\u6216\u5220\u9664\u90e8\u5206\u6570\u636e\u3002\n\nRuby on Rails Ruby on Rails 2.3.5 \r\nRuby on Rails Ruby on Rails 2.3.4 \r\nRuby on Rails Ruby on Rails 2.3.3 \r\nRuby on Rails Ruby on Rails 2.3.2 \r\nRuby on Rails Ruby on Rails 2.2.3 \r\nRuby on Rails Ruby on Rails 2.2.2 \r\nRuby on Rails Ruby on Rails 2.1.1 \r\nRuby on Rails Ruby on Rails 2.1 \r\nRuby on Rails Ruby on Rails 2.0.5 \r\nRuby on Rails Ruby on Rails 2.0.4 \r\nRuby on Rails Ruby on Rails 2.0 \r\nRuby on Rails Ruby on Rails 1.2.6 \r\nRuby on Rails Ruby on Rails 1.2.5 \r\nRuby on Rails Ruby on Rails 1.2.3 \r\nRuby on Rails Ruby on Rails 1.1.6 \r\nRuby on Rails Ruby on Rails 1.1.5 \r\nRuby on Rails Ruby on Rails 1.1.4 \r\nRuby on Rails Ruby on Rails 1.1.3 \r\nRuby on Rails Ruby on Rails 1.1.2 \r\nRuby on Rails Ruby on Rails 1.1.1 \r\nRuby on Rails Ruby on Rails 1.1 \r\nRuby on Rails Ruby on Rails 1.0\r\nRuby on Rails Ruby on Rails 0.14\r\nRuby on Rails Ruby on Rails 0.13\r\nRedmine Redmine 0.8.7 \r\nRedmine Redmine 0.8.6 \r\nRedmine Redmine 0.8.5 \r\nRedmine Redmine 0.7.3 \r\nRedmine Redmine 0.7.2\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.rubyonrails.com/\r\nhttp://www.redmine.org/", "published": "2009-12-17T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-15097", "cvelist": ["CVE-2009-4136"], "lastseen": "2017-11-19T18:25:04"}], "debian": [{"id": "DSA-1964", "type": "debian", "title": "postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems:\n\nIt was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the (optional) TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name ([CVE-2009-4034](<https://security-tracker.debian.org/tracker/CVE-2009-4034>)).\n\nAuthenticated database users could elevate their privileges by creating specially-crafted index functions ([CVE-2009-4136](<https://security-tracker.debian.org/tracker/CVE-2009-4136>)).\n\nThe following matrix shows fixed source package versions for the respective distributions.\n\n| oldstable/etch | stable/lenny | testing/unstable \n---|---|---|--- \npostgresql-7.4 | 7.4.27-0etch1 | | \npostgresql-8.1 | 8.1.19-0etch1 | | \npostgresql-8.3 | | 8.3.9-0lenny1 | 8.3.9-1 \npostgresql-8.4 | | | 8.4.2-1 \n \nIn addition to these security fixes, the updates contain reliability improvements and fix other defects.\n\nWe recommend that you upgrade your PostgreSQL packages.", "published": "2009-12-31T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1964", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2016-09-02T18:23:19"}], "nessus": [{"id": "SUSE_11_POSTGRESQL-100108.NASL", "type": "nessus", "title": "SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)", "description": "The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "published": "2010-01-19T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44055", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:37:51"}, {"id": "SUSE_POSTGRESQL-6768.NASL", "type": "nessus", "title": "SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)", "description": "The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "published": "2010-10-11T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=49920", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:41:43"}, {"id": "SUSE_11_POSTGRESQL-100111.NASL", "type": "nessus", "title": "SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)", "description": "The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "published": "2011-03-17T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=52689", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:34:43"}, {"id": "FEDORA_2009-13381.NASL", "type": "nessus", "title": "Fedora 12 : postgresql-8.4.2-1.fc12 (2009-13381)", "description": "Update to latest upstream point releases\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-12-18T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43340", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:42:06"}, {"id": "FREEBSD_PKG_E7BC5600EAA011DEBD9C00215C6A37BB.NASL", "type": "nessus", "title": "FreeBSD : postgresql -- multiple vulnerabilities (e7bc5600-eaa0-11de-bd9c-00215c6a37bb)", "description": "PostgreSQL project reports :\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.", "published": "2009-12-17T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43177", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:33:12"}, {"id": "UBUNTU_USN-876-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities (USN-876-1)", "description": "It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates.\nAn attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.\n(CVE-2009-4034)\n\nIt was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate priviliges within PostgreSQL. (CVE-2009-4136).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-01-04T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43622", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:33:20"}, {"id": "DEBIAN_DSA-1964.NASL", "type": "nessus", "title": "Debian DSA-1964-1 : postgresql-7.4, postgresql-8.1, postgresql-8.3 - several vulnerabilities", "description": "Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems :\n\nIt was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the (optional) TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name (CVE-2009-4034 ).\n\nAuthenticated database users could elevate their privileges by creating specially crafted index functions (CVE-2009-4136 ).\n\nThe following matrix shows fixed source package versions for the respective distributions.\n\n oldstable/etch stable/lenny testing/unstable postgresql-7.4 7.4.27-0etch1 postgresql-8.1 8.1.19-0etch1 postgresql-8.3 8.3.9-0lenny1 8.3.9-1 postgresql-8.4 8.4.2-1 In addition to these security fixes, the updates contain reliability improvements and fix other defects.", "published": "2010-02-24T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44829", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2018-07-10T05:53:10"}, {"id": "SUSE_11_0_POSTGRESQL-100108.NASL", "type": "nessus", "title": "openSUSE Security Update : postgresql (postgresql-1773)", "description": "An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "published": "2010-01-19T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44051", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:36:43"}, {"id": "SUSE_11_2_POSTGRESQL-100111.NASL", "type": "nessus", "title": "openSUSE Security Update : postgresql (postgresql-1773)", "description": "An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "published": "2010-01-19T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44054", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:35:15"}, {"id": "SUSE_11_1_POSTGRESQL-100108.NASL", "type": "nessus", "title": "openSUSE Security Update : postgresql (postgresql-1773)", "description": "An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "published": "2010-01-19T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=44052", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-29T13:35:43"}], "openvas": [{"id": "OPENVAS:1361412562310100400", "type": "openvas", "title": "PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability", "description": "PostgreSQL is prone to a security-bypass vulnerability because the\n application fails to properly validate the domain name in a signed CA\n certificate, allowing attackers to substitute malicious SSL\n certificates for trusted ones.\n\n PostgreSQL is also prone to a local privilege-escalation vulnerability.", "published": "2009-12-16T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100400", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-10-12T12:10:22"}, {"id": "OPENVAS:66566", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-13363 (postgresql)", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.", "published": "2009-12-30T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66566", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-07-25T10:57:11"}, {"id": "OPENVAS:66569", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-13381 (postgresql)", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.", "published": "2009-12-30T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66569", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-07-25T10:56:04"}, {"id": "OPENVAS:136141256231066566", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-13363 (postgresql)", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.", "published": "2009-12-30T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066566", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2018-04-06T11:40:31"}, {"id": "OPENVAS:1361412562310840360", "type": "openvas", "title": "Ubuntu Update for PostgreSQL vulnerabilities USN-876-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-876-1", "published": "2010-01-15T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840360", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2018-01-18T11:05:13"}, {"id": "OPENVAS:840360", "type": "openvas", "title": "Ubuntu Update for PostgreSQL vulnerabilities USN-876-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-876-1", "published": "2010-01-15T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840360", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-12-04T11:18:16"}, {"id": "OPENVAS:136141256231066569", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-13381 (postgresql)", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.", "published": "2009-12-30T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066569", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2018-04-06T11:37:22"}, {"id": "OPENVAS:136141256231066611", "type": "openvas", "title": "FreeBSD Ports: postgresql-client, postgresql-server", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2009-12-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066611", "cvelist": ["CVE-2007-6600", "CVE-2009-2408", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2018-04-06T11:39:27"}, {"id": "OPENVAS:66611", "type": "openvas", "title": "FreeBSD Ports: postgresql-client, postgresql-server", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2009-12-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66611", "cvelist": ["CVE-2007-6600", "CVE-2009-2408", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2017-07-02T21:14:08"}, {"id": "OPENVAS:70785", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-22.", "published": "2012-02-12T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=70785", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-3433", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-4015", "CVE-2009-0922", "CVE-2011-2483", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-3229", "CVE-2010-1447", "CVE-2009-4136"], "lastseen": "2017-07-24T12:50:52"}], "ubuntu": [{"id": "USN-876-1", "type": "ubuntu", "title": "PostgreSQL vulnerabilities", "description": "It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-4034)\n\nIt was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate priviliges within PostgreSQL. (CVE-2009-4136)", "published": "2010-01-03T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/876-1/", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "lastseen": "2018-03-29T18:20:58"}], "gentoo": [{"id": "GLSA-201110-22", "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the \"intarray\" module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-9.0.5:9.0\"\n \n\nAll PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-9.0.5:9.0\"\n \n\nThe old unsplit PostgreSQL packages have been removed from portage. Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package: \n \n \n # emerge --unmerge \"dev-db/postgresql\"", "published": "2011-10-25T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201110-22", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-3433", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-4015", "CVE-2009-0922", "CVE-2011-2483", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-3229", "CVE-2010-1447", "CVE-2009-4136"], "lastseen": "2016-09-06T19:46:37"}], "oraclelinux": [{"id": "ELSA-2010-0427", "type": "oraclelinux", "title": "postgresql security update", "description": "[7.3.21-3]\n- Fix CVE-2010-1169, CVE-2010-1170, CVE-2009-4136, CVE-2010-0733, CVE-2010-0442\n via back-ports of upstream patches for Postgres 7.4\nResolves: #589541", "published": "2010-05-19T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0427.html", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "lastseen": "2016-09-04T11:16:15"}, {"id": "ELSA-2010-0429", "type": "oraclelinux", "title": "postgresql security update", "description": "[8.1.21-1.el5_5.1]\n- Update to PostgreSQL 8.1.21 to fix CVE-2010-1169, CVE-2010-1170,\n CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs\n described at\n http://www.postgresql.org/docs/8.1/static/release.html\nResolves: #586058", "published": "2010-05-19T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0429.html", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "lastseen": "2016-09-04T11:16:44"}, {"id": "ELSA-2010-0428", "type": "oraclelinux", "title": "postgresql security update", "description": "[7.4.29-1.el4_8.1]\n- Update to PostgreSQL 7.4.29 to fix CVE-2010-1169, CVE-2010-1170,\n CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs\n described at\n http://www.postgresql.org/docs/7.4/static/release.html\nResolves: #586056\n[7.4.26-1.el4_8.1]\n- Update to PostgreSQL 7.4.26 to fix CVE-2009-0922, CVE-2009-3230,\n and assorted other bugs described at\n http://www.postgresql.org/docs/7.4/static/release.html\nResolves: #525282", "published": "2010-05-19T00:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2010-0428.html", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-0922", "CVE-2009-3230", "CVE-2009-4136"], "lastseen": "2016-09-04T11:15:57"}], "redhat": [{"id": "RHSA-2010:0427", "type": "redhat", "title": "(RHSA-2010:0427) Moderate: postgresql security update", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted (\"service rhdb restart\") for this\nupdate to take effect.\n", "published": "2010-05-19T04:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0427", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170"], "lastseen": "2018-05-27T21:43:08"}, {"id": "RHSA-2010:0429", "type": "redhat", "title": "(RHSA-2010:0429) Moderate: postgresql security update", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 8.1.21. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "published": "2010-05-19T04:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0429", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170", "CVE-2010-1975"], "lastseen": "2017-09-09T07:20:22"}, {"id": "RHSA-2010:0428", "type": "redhat", "title": "(RHSA-2010:0428) Moderate: postgresql security update", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "published": "2010-05-19T04:00:00", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2010:0428", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170", "CVE-2010-1975"], "lastseen": "2017-09-09T07:19:52"}], "centos": [{"id": "CESA-2010:0427", "type": "centos", "title": "rh security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0427\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted (\"service rhdb restart\") for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016640.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016642.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0427.html", "published": "2010-05-21T23:01:26", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016640.html", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "lastseen": "2017-10-12T14:45:48"}, {"id": "CESA-2010:0429", "type": "centos", "title": "postgresql security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0429\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 8.1.21. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016650.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016652.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0429.html", "published": "2010-05-28T11:45:13", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016650.html", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "lastseen": "2017-10-03T18:24:33"}, {"id": "CESA-2010:0428", "type": "centos", "title": "postgresql security update", "description": "**CentOS Errata and Security Advisory** CESA-2010:0428\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016645.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016646.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0428.html", "published": "2010-05-21T23:22:02", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016645.html", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "lastseen": "2017-10-03T18:24:53"}]}}
