Lucene search

K
nessusTenable6337.PRM
HistoryFeb 28, 2012 - 12:00 a.m.

PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities

2012-02-2800:00:00
Tenable
www.tenable.com
10

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

83.2%

Versions of PostgreSQL earlier than 9.1.3, 9.0.7, 8.4.11 and are potentially affected by the following vulnerabilities :

  • Permissions on a function called by a trigger are not properly checked. (CVE-2012-0866)

  • SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificates. (CVE-2012-0867)

  • Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file. (CVE-2012-0868)

Binary data 6337.prm
VendorProductVersionCPE
postgresqlpostgresqlcpe:/a:postgresql:postgresql

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

83.2%