Versions of PostgreSQL earlier than 8.4.11 / 9.0.7 / 9.1.3 are potentially affected by the following vulnerabilities:
- Permissions on a function called by a trigger are not properly checked. (CVE-2012-0866)
- SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third-party certificate authorities. (CVE-2012-0867)
- Line breaks in object names can be exploited to execute arbitrary SQL commands when reloading a pg_dump file. (CVE-2012-0868)
Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | | cpe:/a:postgresql:postgresql |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0866
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0868
www.postgresql.org/about/news/1377
www.postgresql.org/docs/8.4/static/release-8-4-11.html
www.postgresql.org/docs/9.0/static/release-9-0-7.html
www.postgresql.org/docs/9.1/static/release-9-1-3.html