what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2015-3165

Status Candidate

Overview

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

Related Files

Apple Security Advisory 2015-09-16-4
Posted Sep 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-16-4 - OS X Server 5.0.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-5704, CVE-2014-0067, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2014-8161, CVE-2014-8500, CVE-2015-0228, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244, CVE-2015-0253, CVE-2015-1349, CVE-2015-3165, CVE-2015-3166, CVE-2015-3167, CVE-2015-3183, CVE-2015-3185, CVE-2015-5911
SHA-256 | 8254c8d55f2667e65687c75dc0e4ebbbd127b907729adba11b4a141d12fc30b2
Gentoo Linux Security Advisory 201507-20
Posted Jul 20, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201507-20 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in execution of arbitrary code or privilege escalation. Versions less than 9.4.3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244, CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
SHA-256 | 48241fb6aa76393d53251ef2f6519ac204edef004621f8f7fd9487e9fd5ce317
Red Hat Security Advisory 2015-1196-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1196-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
SHA-256 | 21a23422eed52f92a03a44240a2d21387667a2aa6bd115db53a8e66a0e93d216
Red Hat Security Advisory 2015-1195-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1195-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
SHA-256 | 326fda39561ebb2685611cba27081731faa2c3f742819f728c63a8c81c7bbbf8
Red Hat Security Advisory 2015-1194-01
Posted Jun 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1194-01 - PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is triggered. It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system is in a state that would cause the standard library functions to fail, for example memory exhaustion, an authenticated user could exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
SHA-256 | 7df1d0bc78fc8d84be2cbf7f54933f20a33ddbf05e07e10604dd63a337dfdb36
Ubuntu Security Notice USN-2621-1
Posted May 26, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2621-1 - Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. Noah Misch discovered that PostgreSQL incorrectly handled certain standard library function return values, possibly leading to security issues. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
SHA-256 | 698c9bbae93dfe50fd74e77f2fe4476beaa4cdf32cd2098bad76dae6f209aea5
Debian Security Advisory 3270-1
Posted May 22, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3270-1 - Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-3165, CVE-2015-3166, CVE-2015-3167
SHA-256 | 8873a7dbfa5c7d4cef87a54d372d9f9dca054e3d4a6a2892b4b2e81cb7efebdf
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close