Lucene search

[email protected]NVD:CVE-2012-0868

HistoryJul 18, 2012 - 11:55 p.m.

CVE-2012-0868

2012-07-1823:55:01

CWE-89

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch8.3

postgresqlpostgresqlMatch8.3.1

postgresqlpostgresqlMatch8.3.2

postgresqlpostgresqlMatch8.3.3

postgresqlpostgresqlMatch8.3.4

postgresqlpostgresqlMatch8.3.5

postgresqlpostgresqlMatch8.3.6

postgresqlpostgresqlMatch8.3.7

postgresqlpostgresqlMatch8.3.8

postgresqlpostgresqlMatch8.3.9

postgresqlpostgresqlMatch8.3.10

postgresqlpostgresqlMatch8.3.11

postgresqlpostgresqlMatch8.3.12

postgresqlpostgresqlMatch8.3.13

postgresqlpostgresqlMatch8.3.14

postgresqlpostgresqlMatch8.3.15

postgresqlpostgresqlMatch8.3.16

postgresqlpostgresqlMatch8.3.17

Node

postgresqlpostgresqlMatch8.4

postgresqlpostgresqlMatch8.4.1

postgresqlpostgresqlMatch8.4.2

postgresqlpostgresqlMatch8.4.3

postgresqlpostgresqlMatch8.4.4

postgresqlpostgresqlMatch8.4.5

postgresqlpostgresqlMatch8.4.6

postgresqlpostgresqlMatch8.4.7

postgresqlpostgresqlMatch8.4.8

postgresqlpostgresqlMatch8.4.9

postgresqlpostgresqlMatch8.4.10

Node

postgresqlpostgresqlMatch9.0

postgresqlpostgresqlMatch9.0.1

postgresqlpostgresqlMatch9.0.2

postgresqlpostgresqlMatch9.0.3

postgresqlpostgresqlMatch9.0.4

postgresqlpostgresqlMatch9.0.5

postgresqlpostgresqlMatch9.0.6

Node

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-updates/2012-09/msg00060.html

rhn.redhat.com/errata/RHSA-2012-0677.html

rhn.redhat.com/errata/RHSA-2012-0678.html

secunia.com/advisories/49272

secunia.com/advisories/49273

www.debian.org/security/2012/dsa-2418

www.mandriva.com/security/advisories?name=MDVSA-2012:026

www.mandriva.com/security/advisories?name=MDVSA-2012:027

www.postgresql.org/about/news/1377/

www.postgresql.org/docs/8.3/static/release-8-3-18.html

www.postgresql.org/docs/8.4/static/release-8-4-11.html

www.postgresql.org/docs/9.0/static/release-9-0-7.html

www.postgresql.org/docs/9.1/static/release-9-1-3.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

Related for NVD:CVE-2012-0868

postgresql1 prion1 cve1 ubuntucve1 cvelist1 nessus27 openvas40 redhat2 veracode2 centos2 fedora7 seebug1 osv1 freebsd1 debian1 oraclelinux3 securityvulns1 amazon1 ubuntu1 gentoo1