Lucene search
GoogleOSV:DSA-2418-1HistoryFeb 27, 2012 - 12:00 a.m.
postgresql-8.4 - several
2012-02-2700:00:00
Google
osv.dev
6
EPSS
0.009
Percentile
83.2%
Several local vulnerabilities have been discovered in PostgreSQL, an
object-relational SQL database. The Common Vulnerabilities and Exposures
project identifies the following problems:
- CVE-2012-0866
It was discovered that the permissions of a function called by a
trigger are not checked. This could result in privilege escalation. - CVE-2012-0867
It was discovered that only the first 32 characters of a host name
are checked when validating host names through SSL certificates.
This could result in spoofing the connection in limited
circumstances. - CVE-2012-0868
It was discovered that pg_dump did not sanitise object names.
This could result in arbitrary SQL command execution if a
malformed dump file is opened.
For the stable distribution (squeeze), this problem has been fixed in
version 8.4.11-0squeeze1.
For the unstable distribution (sid), this problem has been fixed in
version 8.4.11-1.
We recommend that you upgrade your postgresql-8.4 packages.
References
Related
nessus
nessus
Fedora 15 : postgresql-9.0.7-1.fc15 (2012-2589)
2012-03-08 00:00:00
PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities
2012-02-28 00:00:00
openvas
openvas
Fedora Update for postgresql FEDORA-2012-2589
2012-03-09 00:00:00
Fedora Update for postgresql FEDORA-2012-2591
2012-04-02 00:00:00
Mandriva Update for postgresql MDVSA-2012:026 (postgresql)
2012-03-07 00:00:00
centos
centos
postgresql, postgresql84 security update
2012-05-21 16:41:51
postgresql security update
2012-05-21 16:39:19
redhat
redhat
(RHSA-2012:0678) Moderate: postgresql and postgresql84 security update
2012-05-21 00:00:00
(RHSA-2012:0677) Moderate: postgresql security update
2012-05-21 00:00:00
veracode
veracode
Spoofing Vulnerability
2019-05-02 04:41:15
Arbitrary Code Execution
2019-05-02 04:41:14
Privilege Escalation
2019-01-15 08:51:21
debian
debian
[SECURITY] [DSA 2418-1] postgresql-8.4 security update
2012-02-27 17:43:53
oraclelinux
oraclelinux
postgresql and postgresql84 security update
2012-05-21 00:00:00
postgresql and postgresql84 security update
2012-06-25 00:00:00
postgresql security update
2012-05-21 00:00:00
freebsd
freebsd
databases/postgresql*-client -- multiple vulnerabilities
2012-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: postgresql-9.0.7-1.fc15
2012-03-08 04:51:57
[SECURITY] Fedora 16 Update: postgresql-9.1.3-1.fc16
2012-03-08 04:54:15
[SECURITY] Fedora 16 Update: postgresql-9.1.3-1.fc16
2012-03-08 04:01:20
amazon
amazon
Medium: postgresql8
2012-05-23 10:08:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2012-02-28 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:026 ] postgresql
2012-03-09 00:00:00
PostgreSQL vulnerabilities
2012-03-09 00:00:00
seebug
seebug
PostgreSQL 8.x/9.x 存在多个安全漏洞
2012-02-29 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2012-09-28 00:00:00
cvelist
cvelist
prion
prion
Code injection
2012-07-18 23:55:00
Crlf injection
2012-07-18 23:55:00
Design/Logic Flaw
2012-07-18 23:55:00
cve
cve
ubuntucve
ubuntucve
nvd
nvd
postgresql
postgresql
Vulnerability in core server (CVE-2012-0867)
2012-07-18 23:55:00
Vulnerability in core server (CVE-2012-0868)
2012-07-18 23:55:00
Vulnerability in core server (CVE-2012-0866)
2012-07-18 23:55:00