nessus | Tenable | 6817.PRM
May 14, 2013 - 12:00 a.m.

PostgreSQL < 8.4.11 / 9.0.7 / 9.1.3 Multiple Vulnerabilities

2013-05-14 00:00:00
Tenable
www.tenable.com

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.009
Percentile: 83.2%

Versions of PostgreSQL earlier than 8.4.11 / 9.0.7 / 9.1.3 are potentially affected by the following vulnerabilities:

  • Permissions on a function called by a trigger are not properly checked. (CVE-2012-0866)

  • SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities. (CVE-2012-0867)

  • Line breaks in object names can be exploited to execute arbitrary SQL commands when reloading a pg_dump file. (CVE-2012-0868)

Vendor | Product | Version | CPE
postgresql | postgresql | | cpe:/a:postgresql:postgresql
