Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201204-08
HistoryApr 17, 2012 - 12:00 a.m.

Perl DBD-Pg Module: Arbitrary code execution

2012-04-1700:00:00
Gentoo Foundation
security.gentoo.org
8

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

Background

DBD-Pg is a PostgreSQL interface module for Perl.

Description

Format string vulnerabilities have been found in the the “pg_warn()” and “dbd_st_prepare()” functions in dbdimp.c.

Impact

A remote PostgreSQL server could send specially crafted database warnings or DBD statements, possibly resulting in execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All users of the Perl DBD-Pg module should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-perl/DBD-Pg-2.19.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-perl/dbd-pg< 2.19.0UNKNOWN

Related

nessus 11
redhat 1
veracode 1
ubuntucve 1
openvas 18
cve 1
debiancve 1
fedora 2
centos 1
amazon 1
securityvulns 2
oraclelinux 1
prion 1
debian 1
nessus
nessus
CentOS 5 / 6 : perl-DBD-Pg (CESA-2012:1116)
2012-07-26 00:00:00
Mandriva Linux Security Advisory : perl-DBD-Pg (MDVSA-2012:112)
2012-09-06 00:00:00
Fedora 16 : perl-DBD-Pg-2.19.2-1.fc16 (2012-10871)
2012-08-02 00:00:00
redhat
redhat
(RHSA-2012:1116) Moderate: perl-DBD-Pg security update
2012-07-25 00:00:00
veracode
veracode
Denial Of Service (Dos)
2019-01-15 08:54:54
ubuntucve
ubuntucve
CVE-2012-1151
2012-09-09 00:00:00
openvas
openvas
RedHat Update for perl-DBD-Pg RHSA-2012:1116-01
2012-07-26 00:00:00
Gentoo Security Advisory GLSA 201204-08 (DBD-Pg)
2012-04-30 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-112)
2015-09-08 00:00:00
cve
cve
CVE-2012-1151
2012-09-09 21:55:00
debiancve
debiancve
CVE-2012-1151
2012-09-09 21:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: perl-DBD-Pg-2.19.2-1.fc16
2012-08-01 18:15:18
[SECURITY] Fedora 17 Update: perl-DBD-Pg-2.19.2-1.fc17
2012-08-01 18:25:01
centos
centos
perl security update
2012-07-25 18:33:00
amazon
amazon
Medium: perl-DBD-Pg
2012-08-03 13:50:00
securityvulns
securityvulns
DBD::Pg format string vulnerability
2012-03-19 00:00:00
[SECURITY] [DSA 2431-1] libdbd-pg-perl security update
2012-03-19 00:00:00
oraclelinux
oraclelinux
perl-DBD-Pg security update
2012-07-25 00:00:00
prion
prion
Format string
2012-09-09 21:55:00
debian
debian
[SECURITY] [DSA 2431-1] libdbd-pg-perl security update
2012-03-11 10:25:32

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON
Related for GLSA-201204-08
nessus11redhat1veracode1ubuntucve1openvas18cve1debiancve1fedora2centos1amazon1securityvulns2oraclelinux1prion1debian1