18 matches found
Debian: Security Advisory (DSA-1964-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)
The following bugs have been fixed : An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions. CVE-2009-4136 Embedded null bytes in the common na...
openSUSE Security Update : postgresql (postgresql-1773)
An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions CVE-2009-4136. Embedded null bytes in the common name of SSL certificates could bypass...
openSUSE Security Update : postgresql (postgresql-1773)
An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions CVE-2009-4136. Embedded null bytes in the common name of SSL certificates could bypass...
SuSE9 Security Update : PostgreSQL (YOU Patch Number 12571)
The following bugs have been fixed : - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions. CVE-2009-4136 - Embedded null bytes in the commo...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)
The following bugs have been fixed : An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions. CVE-2009-4136 Embedded null bytes in the common na...
Ubuntu Update for PostgreSQL vulnerabilities USN-876-1
Ubuntu Update for Linux kernel vulnerabilities USN-876-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8761.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for PostgreSQL vulnerabilities USN-876-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities (USN-876-1)
It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. CVE-2009-4034 It was...
USN-876-1: PostgreSQL vulnerabilities
It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. CVE-2009-4034 It wa...
Fedora Core 12 FEDORA-2009-13381 (postgresql)
The remote host is missing an update to postgresql announced via advisory FEDORA-2009-13381. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...
FreeBSD Ports: postgresql-client, postgresql-server
The remote host is missing an update to the system as announced in the referenced advisory. VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb OpenVAS Vulnerability Test $ Description: Auto generated from VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Fedora Core 11 FEDORA-2009-13363 (postgresql)
The remote host is missing an update to postgresql announced via advisory FEDORA-2009-13363. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...
Fedora Core 12 FEDORA-2009-13381 (postgresql)
The remote host is missing an update to postgresql announced via advisory FEDORA-2009-13381. OpenVAS Vulnerability Test $Id: fcore200913381.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13381 postgresql Authors: Thomas Reinke Copyright: Copyright ...
PostgreSQL CA SSL证书验证漏洞
BUGTRAQ ID: 37334 CVE ID: CVE-2009-4034 PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL没有正确地验证X.509证书主题的通用名称(CN)字符的域名中的空字符(\0),在处理包含有空字符的证书字段时错误地将空字符处理为截止字符,因此只会验证空字符前的部分。例如,对于类似于以下的名称: example.com\0.haxx.se...
PostgreSQL空字符CA SSL整数校验安全绕过漏洞
Bugraq ID: 37334 CVE ID:CVE-2009-4034 PostgreSQL是一款对象关系型数据库管理系统,支持扩展的SQL标准子集。 处理部分证书字段中嵌入空字符的SSL证书存在错误,攻击者可以利用漏洞伪造证书,进行中间人等攻击。 SSL证书中的空字符可用于伪造客户端或服务端验证,只影响启用了SSL,执行证书名校验或客户端证书验证,而其CA已经被诱骗发布了非法证书的用户。 PostgreSQL PostgreSQL 8.4.1 PostgreSQL PostgreSQL 8.3.8 PostgreSQL PostgreSQL 8.3.6 PostgreSQL...
Mandriva Linux Security Advisory : postgresql (MDVSA-2009:333)
Multiple vulnerabilities was discovered and corrected in postgresql : NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the...
CVE-2009-4034
Technical details about CVE-2009-4034 are not publicly available in the provided documents. Monitor for updates.
Vulnerability in core server (CVE-2009-4034)
NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority CA has been tricked into issuing invalid certificates...