Lucene search
RootSSV:60720HistoryApr 08, 2013 - 12:00 a.m.
PostgreSQL 拒绝服务和代码执行漏洞(CVE-2013-1899)
2013-04-0800:00:00
Root
www.seebug.org
25
0.972 High
EPSS
Percentile
99.8%
BUGTRAQ ID: 58876
CVE(CAN) ID: CVE-2013-1899
PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。
PostgreSQL 9.2.4, 9.1.9, 9.0.13之前版本存在参数注入漏洞,远程攻击者通过构造以"-"(连字符)开头的数据库名称的连接请求,可以修改配置设置、执行任意代码或者造成拒绝服务。
攻击者造成拒绝服务场景要求攻击者能访问到PostgreSQL开放端口,无需认证。
攻击者能够执行任意代码的场景要求1)攻击者经过认证;2) PostgreSQL服务器的名称和用户名一致。
0
Debian Linux 6.0 x
PostgreSQL 9.x
厂商补丁:
PostgreSQL
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
checkpoint_advisories
checkpoint_advisories
PostgreSQL Database Name Command Line Flag Injection (CVE-2013-1899)
2013-11-18 00:00:00
ubuntucve
ubuntucve
CVE-2013-1899
2013-04-04 00:00:00
threatpost
threatpost
Vulnerability Patched in PostgreSQL Database Server
2013-04-04 14:41:38
metasploit
metasploit
PostgreSQL Database Name Command Line Flag Injection
2013-04-04 15:19:47
huawei
huawei
Security Advisory - Command Injection Vulnerability in the GaussDB
2017-05-31 00:00:00
postgresql
postgresql
Vulnerability in core server (CVE-2013-1899)
2013-04-04 17:55:00
nessus
nessus
PostgreSQL 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 File Deletion
2013-04-08 00:00:00
Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities (USN-1789-1)
2013-04-05 00:00:00
Fedora 19 : postgresql-9.2.4-1.fc19 (2013-6148)
2013-04-22 00:00:00
cve
cve
CVE-2013-1899
2013-04-04 17:55:00
prion
prion
Design/Logic Flaw
2013-04-04 17:55:00
openvas
openvas
PostgreSQL Denial of Service Vulnerability (Apr 2013) - Windows
2013-04-09 00:00:00
openSUSE: Security Advisory for postgresql (openSUSE-SU-2013:0635-1)
2013-11-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0633-2)
2021-06-09 00:00:00
osv
osv
postgresql-8.4 - guessable random numbers
2013-04-04 00:00:00
postgresql-9.1 - several
2013-04-04 00:00:00
securityvulns
securityvulns
ESA-2013-040: RSA® Authentication Manager 8.0 Multiple Vulnerabilities
2013-06-04 00:00:00
[USN-1789-1] PostgreSQL vulnerabilities
2013-04-08 00:00:00
EMC RSA Authentication Manager security vulnerabilities
2013-07-15 00:00:00
vmware
vmware
VMware vFabric Postgres security updates
2013-04-04 00:00:00
debian
debian
[SECURITY] [DSA 2657-1] postgresql-8.4 security update
2013-04-04 13:47:32
[SECURITY] [DSA 2658-1] postgresql-9.1 security update
2013-04-04 14:06:41
[BSA-080] Security Update for postgresql-9.1
2013-04-08 08:27:20
suse
suse
postgresql: security and bugfix update to 9.0.13 (important)
2013-04-08 07:04:30
postgresql92: Various security fixes. Update to 9.2.4. (important)
2013-04-05 10:04:42
Security update for PostgreSQL (important)
2013-04-05 19:06:20
freebsd
freebsd
PostgreSQL -- anonymous remote access data corruption vulnerability
2013-04-04 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2013-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: postgresql-9.2.4-1.fc19
2013-04-20 19:59:46
[SECURITY] Fedora 18 Update: postgresql-9.2.4-1.fc18
2013-04-05 22:59:41
[SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17
2013-04-05 23:11:53
amazon
amazon
Critical: postgresql9
2013-04-04 11:49:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2014-08-29 00:00:00