Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2012-0867

Published: 18/07/2012 Updated: 07/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Opensuse

Vulnerability Summary

PostgreSQL 8.4.x prior to 8.4.11, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote malicious users to spoof connections when the host name is exactly 32 characters.

Vulnerable Product Search on Vulmon Subscribe to Product

opensuse project opensuse 12.2

postgresql postgresql 8.4

postgresql postgresql 8.4.10

postgresql postgresql 8.4.8

postgresql postgresql 8.4.9

postgresql postgresql 8.4.2

postgresql postgresql 8.4.1

postgresql postgresql 8.4.3

postgresql postgresql 8.4.4

postgresql postgresql 8.4.5

postgresql postgresql 8.4.6

postgresql postgresql 8.4.7

postgresql postgresql 9.0

postgresql postgresql 9.0.1

postgresql postgresql 9.0.2

postgresql postgresql 9.0.3

postgresql postgresql 9.0.5

postgresql postgresql 9.0.4

postgresql postgresql 9.0.6

debian debian linux 6.0

redhat enterprise linux workstation 6.0

redhat desktop workstation 5

redhat enterprise linux server aus 6.2

redhat enterprise linux server eus 6.2.z

redhat enterprise linux desktop 5.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux 5.0

redhat enterprise linux hpc node 6.0

postgresql postgresql 9.1

postgresql postgresql 9.1.2

postgresql postgresql 9.1.1

Vendor Advisories

Red Hat: Moderate: postgresql and postgresql84 security update
Synopsis Moderate: postgresql and postgresql84 security update Type/Severity Security Advisory: Moderate Topic Updated postgresql84 and postgresql packages that fix three security issuesare now available for Red Hat Enterprise Linux 5 and 6 respectivelyThe Red Hat Security Response Team has rated this upda ...
Ubuntu Security Notice: postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities
Several security issues were fixed in PostgreSQL ...
Debian Security Advisories: DSA-2418-1 postgresql-8.4 -- several vulnerabilities
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked This could result in privilege escalation CVE-2012-08 ...
Amazon Linux AMI: ALAS-2012-082
The pg_dump utility inserted object names literally into comments in the SQL script it produces An unprivileged database user could create an object whose name includes a newline followed by an SQL command This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation (CVE-2012 ...

References

CWE-20CWE-295http://www.postgresql.org/docs/8.4/static/release-8-4-11.htmlhttp://www.postgresql.org/docs/9.0/static/release-9-0-7.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0678.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:026http://www.postgresql.org/about/news/1377/http://www.debian.org/security/2012/dsa-2418http://www.postgresql.org/docs/9.1/static/release-9-1-3.htmlhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00060.htmlhttp://secunia.com/advisories/49273https://access.redhat.com/errata/RHSA-2012:0678https://usn.ubuntu.com/1378-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook