Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:15153
HistoryDec 29, 2009 - 12:00 a.m.

PostgreSQL索引功能权限提升漏洞

2009-12-2900:00:00
Root
www.seebug.org
61

0.027 Low

EPSS

Percentile

89.4%

JSON

BUGTRAQ ID: 37333
CVE ID: CVE-2009-4136

PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。

PostgreSQL在执行数据库超级用户的索引功能期间没有正确地管理session-local状态,这允许通过认证的远程攻击者通过带有特制索引功能的表格获得权限提升。

PostgreSQL PostgreSQL 8.4.x
PostgreSQL PostgreSQL 8.3.x
PostgreSQL PostgreSQL 8.2.x
PostgreSQL PostgreSQL 8.1.x
PostgreSQL PostgreSQL 8.0.x
PostgreSQL PostgreSQL 7.4.x
厂商补丁:

PostgreSQL

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.postgresql.org/about/news.1170

Sun

Sun已经为此发布了一个安全公告(Sun-Alert-6909139)以及相应补丁:
Sun-Alert-6909139:Security Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1

Related

seebug 2
veracode 1
postgresql 1
osv 1
nessus 27
fedora 2
openvas 25
ubuntu 1
debian 1
securityvulns 2
ubuntucve 1
prion 1
cve 1
freebsd 1
oraclelinux 3
redhat 3
centos 3
gentoo 1
seebug
seebug
Ruby on Rails 'protect_from_forgery'跨站脚本请求伪造漏洞
2009-12-17 00:00:00
PostgreSQL索引函数会话状态修改本地特权提升漏洞
2009-12-17 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:48:51
postgresql
postgresql
Vulnerability in core server (CVE-2009-4136)
2009-12-15 18:30:00
osv
osv
postgresql-7.4 postgresql-8.1 postgresql-8.3 - several vulnerabilities
2009-12-31 00:00:00
nessus
nessus
Fedora 11 : postgresql-8.3.9-1.fc11 (2009-13363)
2009-12-18 00:00:00
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)
2010-01-19 00:00:00
SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)
2010-01-19 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: postgresql-8.4.2-1.fc12
2009-12-18 04:39:48
[SECURITY] Fedora 11 Update: postgresql-8.3.9-1.fc11
2009-12-18 04:36:29
openvas
openvas
Fedora Core 12 FEDORA-2009-13381 (postgresql)
2009-12-30 00:00:00
Ubuntu Update for PostgreSQL vulnerabilities USN-876-1
2010-01-15 00:00:00
Fedora Core 11 FEDORA-2009-13363 (postgresql)
2009-12-30 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2010-01-03 00:00:00
debian
debian
[SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabilities
2009-12-31 16:38:59
securityvulns
securityvulns
PostgreSQL multiple security vulnerabilities
2009-12-15 00:00:00
[ MDVSA-2009:333 ] postgresql
2009-12-15 00:00:00
ubuntucve
ubuntucve
CVE-2009-4136
2009-12-15 00:00:00
prion
prion
Sql injection
2009-12-15 18:30:00
cve
cve
CVE-2009-4136
2009-12-15 18:30:00
freebsd
freebsd
postgresql -- multiple vulnerabilities
2009-11-20 00:00:00
oraclelinux
oraclelinux
postgresql security update
2010-05-19 00:00:00
postgresql security update
2010-05-19 00:00:00
postgresql security update
2010-05-19 00:00:00
redhat
redhat
(RHSA-2010:0427) Moderate: postgresql security update
2010-05-19 00:00:00
(RHSA-2010:0428) Moderate: postgresql security update
2010-05-19 00:00:00
(RHSA-2010:0429) Moderate: postgresql security update
2010-05-19 00:00:00
centos
centos
rh security update
2010-05-21 22:01:26
postgresql security update
2010-05-21 22:22:02
postgresql security update
2010-05-28 10:45:13
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2011-10-25 00:00:00

0.027 Low

EPSS

Percentile

89.4%

JSON
Related for SSV:15153
seebug2veracode1postgresql1osv1nessus27fedora2openvas25ubuntu1debian1securityvulns2ubuntucve1prion1cve1freebsd1oraclelinux3redhat3centos3gentoo1