Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201209-24
HistorySep 28, 2012 - 12:00 a.m.

PostgreSQL: Multiple vulnerabilities

2012-09-2800:00:00
Gentoo Foundation
security.gentoo.org
18

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.0%

JSON

Background

PostgreSQL is an open source object-relational database management system.

Description

Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could spoof SSL connections. Furthermore, a remote authenticated attacker could cause a Denial of Service, read and write arbitrary files, inject SQL commands into dump scripts, or bypass database restrictions to execute database functions.

A context-dependent attacker could more easily obtain access via authentication attempts with an initial substring of the intended password.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL 9.1 server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.1.5"

All PostgreSQL 9.0 server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-9.0.9"

All PostgreSQL 8.4 server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.4.13"

All PostgreSQL 8.3 server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-server-8.3.20"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/postgresql-server< 9.1.5UNKNOWN

Related

openvas 82
fedora 11
nessus 63
oraclelinux 4
veracode 5
debian 3
redhat 5
centos 4
securityvulns 6
amazon 3
ubuntu 3
seebug 3
osv 3
freebsd 2
cve 1
prion 1
openvas
openvas
Fedora Update for postgresql FEDORA-2012-12156
2012-08-30 00:00:00
Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
2012-10-03 00:00:00
Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
2012-10-03 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: postgresql-9.1.5-1.fc16
2012-08-26 00:21:52
[SECURITY] Fedora 15 Update: postgresql-9.0.8-1.fc15
2012-06-15 12:29:05
[SECURITY] Fedora 16 Update: postgresql-9.1.4-1.fc16
2012-06-15 12:21:20
nessus
nessus
GLSA-201209-24 : PostgreSQL: Multiple vulnerabilities
2012-09-29 00:00:00
SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)
2013-01-25 00:00:00
openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1288-1)
2014-06-13 00:00:00
oraclelinux
oraclelinux
postgresql and postgresql84 security update
2012-06-25 00:00:00
postgresql and postgresql84 security update
2012-05-21 00:00:00
postgresql and postgresql84 security update
2012-09-13 00:00:00
veracode
veracode
Spoofing Vulnerability
2019-05-02 04:41:15
Information Disclosure
2019-05-02 04:43:13
Denial Of Service (DoS)
2019-05-02 04:42:10
debian
debian
[SECURITY] [DSA 2418-1] postgresql-8.4 security update
2012-02-27 17:43:53
[SECURITY] [DSA 2534-1] postgresql-8.4 security update
2012-08-25 16:24:24
[SECURITY] [DSA 2491-1] postgresql-8.4 security update
2012-06-09 11:57:54
redhat
redhat
(RHSA-2012:0678) Moderate: postgresql and postgresql84 security update
2012-05-21 00:00:00
(RHSA-2012:1263) Moderate: postgresql and postgresql84 security update
2012-09-13 00:00:00
(RHSA-2012:1037) Moderate: postgresql and postgresql84 security update
2012-06-25 00:00:00
centos
centos
postgresql, postgresql84 security update
2012-05-21 16:41:51
postgresql, postgresql84 security update
2012-09-13 17:57:44
postgresql, postgresql84 security update
2012-06-25 22:38:39
securityvulns
securityvulns
[ MDVSA-2012:026 ] postgresql
2012-03-09 00:00:00
PostgreSQL privilege escalation
2012-08-27 00:00:00
[USN-1542-1] PostgreSQL vulnerabilities
2012-08-27 00:00:00
amazon
amazon
Medium: postgresql8
2012-05-23 10:08:00
Medium: postgresql8
2012-09-22 21:38:00
Medium: postgresql8
2012-07-05 16:08:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2012-02-28 00:00:00
PostgreSQL vulnerabilities
2012-08-21 00:00:00
PostgreSQL vulnerabilities
2012-06-05 00:00:00
seebug
seebug
PostgreSQL 8.x/9.x 存在多个安全漏洞
2012-02-29 00:00:00
PostgreSQL 'xslt_process()'任意文件创建或覆盖漏洞
2012-08-21 00:00:00
PostgreSQL 'xml_parse()'任意文件访问漏洞
2012-08-21 00:00:00
osv
osv
postgresql-8.4 - several
2012-02-27 00:00:00
postgresql-8.4 - several
2012-08-25 00:00:00
postgresql-8.4 - several
2012-06-09 00:00:00
freebsd
freebsd
databases/postgresql*-client -- multiple vulnerabilities
2012-02-27 00:00:00
databases/postgresql*-server -- multiple vulnerabilities
2012-08-17 00:00:00
cve
cve
CVE-2012-2655
2012-07-18 23:55:00
prion
prion
Xxe
2012-10-03 21:55:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.0%

JSON
Related for GLSA-201209-24
openvas82fedora11nessus63oraclelinux4veracode5debian3redhat5centos4securityvulns6amazon3ubuntu3seebug3osv3freebsd2cve1prion1