Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1789-1
HistoryApr 04, 2013 - 12:00 a.m.

PostgreSQL vulnerabilities

2013-04-0400:00:00
ubuntu.com
37

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

9.8

Confidence

High

EPSS

0.971

Percentile

99.8%

JSON

Releases

  • Ubuntu 12.10
  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • postgresql-8.3 - Object-relational SQL database
  • postgresql-8.4 - Object-relational SQL database
  • postgresql-9.1 - Object-relational SQL database

Details

Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL
incorrectly handled certain connection requests containing database names
starting with a dash. A remote attacker could use this flaw to damage or
destroy files within a serverโ€™s data directory. This issue only applied to
Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1899)

Marko Kreen discovered that PostgreSQL incorrectly generated random
numbers. An authenticated attacker could use this flaw to possibly guess
another database userโ€™s random numbers. (CVE-2013-1900)

Noah Misch discovered that PostgreSQL incorrectly handled certain privilege
checks. An unprivileged attacker could use this flaw to possibly interfere
with in-progress backups. This issue only applied to Ubuntu 11.10,
Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1901)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchpostgresql-8.3<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchlibecpg-compat3<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchlibecpg-dev<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchlibecpg6<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchlibpgtypes3<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchlibpq-dev<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchlibpq5<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchpostgresql-client-8.3<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchpostgresql-contrib-8.3<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Ubuntu8.04noarchpostgresql-plperl-8.3<ย 8.3.23-0ubuntu8.04.1UNKNOWN
Rows per page:
1-10 of 701

Related

openvas 31
debian 5
nessus 28
fedora 3
securityvulns 6
amazon 2
suse 5
freebsd 1
vmware 1
osv 5
threatpost 1
ubuntucve 3
checkpoint_advisories 1
metasploit 1
huawei 2
seebug 2
postgresql 3
nvd 3
cvelist 3
prion 3
veracode 1
cve 3
packetstorm 1
redhat 1
gentoo 1
centos 1
oraclelinux 1
oracle 1
openvas
openvas
Debian Security Advisory DSA 2657-1 (postgresql-8.4 - guessable random numbers)
2013-04-04 00:00:00
Ubuntu Update for postgresql-9.1 USN-1789-1
2013-04-05 00:00:00
Debian Security Advisory DSA 2658-1 (postgresql-9.1 - several vulnerabilities)
2013-04-04 00:00:00
debian
debian
[BSA-080] Security Update for postgresql-9.1
2013-04-08 08:27:20
[SECURITY] [DSA 2658-1] postgresql-9.1 security update
2013-04-04 14:06:34
[SECURITY] [DSA 2657-1] postgresql-8.4 security update
2013-04-04 13:47:32
nessus
nessus
openSUSE Security Update : postgresql91 (openSUSE-SU-2013:0627-1)
2014-06-13 00:00:00
Debian DSA-2657-1 : postgresql-8.4 - guessable random numbers
2013-04-05 00:00:00
Amazon Linux AMI : postgresql9 (ALAS-2013-178)
2013-09-04 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: postgresql-9.2.4-1.fc19
2013-04-20 19:59:46
[SECURITY] Fedora 18 Update: postgresql-9.2.4-1.fc18
2013-04-05 22:59:41
[SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17
2013-04-05 23:11:53
securityvulns
securityvulns
PostgreSQL multiple security vulnerabilities
2013-04-08 00:00:00
[USN-1789-1] PostgreSQL vulnerabilities
2013-04-08 00:00:00
ESA-2013-040: RSAยฎ Authentication Manager 8.0 Multiple Vulnerabilities
2013-06-04 00:00:00
amazon
amazon
Critical: postgresql9
2013-04-04 11:49:00
Medium: postgresql8
2013-11-03 12:09:00
suse
suse
postgresql: security and bugfix update to 9.0.13 (important)
2013-04-08 07:04:30
postgresql92: Various security fixes. Update to 9.2.4. (important)
2013-04-05 10:04:42
Security update for PostgreSQL (important)
2013-04-05 19:06:20
freebsd
freebsd
PostgreSQL -- anonymous remote access data corruption vulnerability
2013-04-04 00:00:00
vmware
vmware
VMware vFabric Postgres security updates
2013-04-04 00:00:00
osv
osv
postgresql-9.1 - several
2013-04-04 00:00:00
postgresql-8.4 - guessable random numbers
2013-04-04 00:00:00
libecpg6-32bit-9.5.4-1.2 on GA media
2024-06-15 00:00:00
threatpost
threatpost
Vulnerability Patched in PostgreSQL Database Server
2013-04-04 14:41:38
ubuntucve
ubuntucve
CVE-2013-1899
2013-04-04 00:00:00
CVE-2013-1901
2013-04-04 00:00:00
CVE-2013-1900
2013-04-04 00:00:00
checkpoint_advisories
checkpoint_advisories
PostgreSQL Database Name Command Line Flag Injection (CVE-2013-1899)
2013-11-18 00:00:00
metasploit
metasploit
PostgreSQL Database Name Command Line Flag Injection
2013-04-04 15:19:47
huawei
huawei
Security Advisory - Command Injection Vulnerability in the GaussDB
2017-05-31 00:00:00
Security Advisory - Authentication Bypass Vulnerability in the Backup Function of GaussDB
2017-05-31 00:00:00
seebug
seebug
PostgreSQL ๆ‹’็ปๆœๅŠกๅ’Œไปฃ็ ๆ‰ง่กŒๆผๆดž(CVE-2013-1899)
2013-04-08 00:00:00
PostgreSQL ๅฎ‰ๅ…จ็ป•่ฟ‡ๆผๆดž(CVE-2013-1901)
2013-04-08 00:00:00
postgresql
postgresql
Vulnerability in core server (CVE-2013-1899)
2013-04-04 17:55:00
Vulnerability in contrib module (CVE-2013-1900)
2013-04-04 17:55:00
Vulnerability in core server (CVE-2013-1901)
2013-04-04 17:55:00
nvd
nvd
CVE-2013-1899
2013-04-04 17:55:00
CVE-2013-1901
2013-04-04 17:55:00
CVE-2013-1900
2013-04-04 17:55:00
cvelist
cvelist
CVE-2013-1901
2013-04-04 17:00:00
CVE-2013-1899
2013-04-04 17:00:00
CVE-2013-1900
2013-04-04 17:00:00
prion
prion
Code injection
2013-04-04 17:55:00
Design/Logic Flaw
2013-04-04 17:55:00
Design/Logic Flaw
2013-04-04 17:55:00
veracode
veracode
Weak Random Number Generator
2019-05-02 04:56:48
cve
cve
CVE-2013-1899
2013-04-04 17:55:00
CVE-2013-1901
2013-04-04 17:55:00
CVE-2013-1900
2013-04-04 17:55:00
packetstorm
packetstorm
PostgreSQL Database Name Command Line Flag Injection
2024-08-31 00:00:00
redhat
redhat
(RHSA-2013:1475) Moderate: postgresql and postgresql84 security update
2013-10-29 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2014-08-29 00:00:00
centos
centos
postgresql, postgresql84 security update
2013-10-29 20:28:29
oraclelinux
oraclelinux
postgresql and postgresql84 security update
2013-10-29 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

9.8

Confidence

High

EPSS

0.971

Percentile

99.8%

JSON
Related for USN-1789-1
openvas31debian5nessus28fedora3securityvulns6amazon2suse5freebsd1vmware1osv5threatpost1ubuntucve3checkpoint_advisories1metasploit1huawei2seebug2postgresql3nvd3cvelist3prion3veracode1cve3packetstorm1redhat1gentoo1centos1oraclelinux1oracle1