CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
99.8%
Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL
incorrectly handled certain connection requests containing database names
starting with a dash. A remote attacker could use this flaw to damage or
destroy files within a serverโs data directory. This issue only applied to
Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1899)
Marko Kreen discovered that PostgreSQL incorrectly generated random
numbers. An authenticated attacker could use this flaw to possibly guess
another database userโs random numbers. (CVE-2013-1900)
Noah Misch discovered that PostgreSQL incorrectly handled certain privilege
checks. An unprivileged attacker could use this flaw to possibly interfere
with in-progress backups. This issue only applied to Ubuntu 11.10,
Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1901)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | postgresql-8.3 | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg-compat3 | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg-dev | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libecpg6 | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpgtypes3 | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpq-dev | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libpq5 | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-client-8.3 | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-contrib-8.3 | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | postgresql-plperl-8.3 | <ย 8.3.23-0ubuntu8.04.1 | UNKNOWN |