exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2013-1901

Status Candidate

Overview

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

Related Files

Gentoo Linux Security Advisory 201408-15
Posted Sep 2, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201408-15 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which may allow remote Denial of Service. Versions prior to 9.3.3 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0255, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-2669
SHA-256 | bafcfd9d037a64e13d657004fbba9cbe2af1f8cbbe7b4185af4a965e78b19db5
Apple Security Advisory 2013-09-17-1
Posted Sep 17, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-17-1 - OS X Server v2.2.2 is now available and addresses issues in ClamAV, PostgreSQL, and Wiki Server.

tags | advisory
systems | apple, osx
advisories | CVE-2013-2020, CVE-2013-2021, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1034
SHA-256 | c516deac95bf69d79df1127a6874872a55731b550670e67d4698fcc32e5a44ee
Apple Security Advisory 2013-09-12-1
Posted Sep 13, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND issues, ClamAV issues, and more.

tags | advisory
systems | apple, osx
advisories | CVE-2012-0883, CVE-2012-2686, CVE-2012-2687, CVE-2012-3499, CVE-2012-3817, CVE-2012-4244, CVE-2012-4558, CVE-2012-5166, CVE-2012-5688, CVE-2013-0166, CVE-2013-0169, CVE-2013-1025, CVE-2013-1026, CVE-2013-1027, CVE-2013-1028, CVE-2013-1029, CVE-2013-1030, CVE-2013-1031, CVE-2013-1032, CVE-2013-1033, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-1903
SHA-256 | 6ba59298aa5785b3b0ac181767509f821759a4fbc0ab6e1b3056eb65c22a59a5
Mandriva Linux Security Advisory 2013-142
Posted Apr 12, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-142 - Multiple vulnerabilities has been discovered and corrected in PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service , and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the pg_start_backup or pg_stop_backup functions. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2013-0255, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
SHA-256 | 97ef8bcb916420d4415444226f145e62867a5c2ca8b49fbfaeb4914d3e2495a2
Debian Security Advisory 2658-1
Posted Apr 4, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2658-1 - Several vulnerabilities were discovered in PostgreSQL database server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
SHA-256 | 3978a0cac2022d000f6bf2e713a064deb97d8cba9cb799e9a58b9600000c7d1d
Ubuntu Security Notice USN-1789-1
Posted Apr 4, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1789-1 - Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server's data directory. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. Marko Kreen discovered that PostgreSQL incorrectly generated random numbers. An authenticated attacker could use this flaw to possibly guess another database user's random numbers. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
SHA-256 | 3d54aa2573b486a74e8e765aa5c214a84ca4b6d865a5fa2f6fb3b3ebae1f2343
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close