Published: 18/07/2012 Updated: 08/12/2016

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 607

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x prior to 8.3.18, 8.4.x prior to 8.4.11, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 allows user-assisted remote malicious users to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql 8.3.6
postgresql postgresql 8.3.10
postgresql postgresql 8.3.3
postgresql postgresql 8.3
postgresql postgresql 8.3.8
postgresql postgresql 8.3.13
postgresql postgresql 8.3.1
postgresql postgresql 8.3.4
postgresql postgresql 8.3.11
postgresql postgresql 8.3.5
postgresql postgresql 8.3.2
postgresql postgresql 8.3.15
postgresql postgresql 8.3.14
postgresql postgresql 8.3.9
postgresql postgresql 8.3.7
postgresql postgresql 8.3.12
postgresql postgresql 8.3.17
postgresql postgresql 8.3.16
postgresql postgresql 8.4.1
postgresql postgresql 8.4.6
postgresql postgresql 8.4.9
postgresql postgresql 8.4.10
postgresql postgresql 8.4.5
postgresql postgresql 8.4.7
postgresql postgresql 8.4.8
postgresql postgresql 8.4.3
postgresql postgresql 8.4.4
postgresql postgresql 8.4
postgresql postgresql 8.4.2
postgresql postgresql 9.0.5
postgresql postgresql 9.0.6
postgresql postgresql 9.0.3
postgresql postgresql 9.0.4
postgresql postgresql 9.0.1
postgresql postgresql 9.0.2
postgresql postgresql 9.0
postgresql postgresql 9.1.2
postgresql postgresql 9.1
postgresql postgresql 9.1.1

Several security issues were fixed in PostgreSQL ...

Synopsis Moderate: postgresql security update Type/Severity Security Advisory: Moderate Topic Updated postgresql packages that fix two security issues are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabil ...

Synopsis Moderate: postgresql and postgresql84 security update Type/Severity Security Advisory: Moderate Topic Updated postgresql84 and postgresql packages that fix three security issuesare now available for Red Hat Enterprise Linux 5 and 6 respectivelyThe Red Hat Security Response Team has rated this upda ...

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked This could result in privilege escalation CVE-2012-08 ...

The pg_dump utility inserted object names literally into comments in the SQL script it produces An unprivileged database user could create an object whose name includes a newline followed by an SQL command This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation (CVE-2012 ...

CWE-89 http://www.mandriva.com/security/advisories?name=MDVSA-2012:026 http://www.postgresql.org/docs/9.0/static/release-9-0-7.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:027 http://www.postgresql.org/docs/8.3/static/release-8-3-18.html http://www.postgresql.org/docs/9.1/static/release-9-1-3.html http://rhn.redhat.com/errata/RHSA-2012-0677.html http://rhn.redhat.com/errata/RHSA-2012-0678.html http://www.debian.org/security/2012/dsa-2418 http://www.postgresql.org/about/news/1377/http://www.postgresql.org/docs/8.4/static/release-8-4-11.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html http://secunia.com/advisories/49272 http://secunia.com/advisories/49273 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://usn.ubuntu.com/1378-1/https://nvd.nist.gov

CVE-2012-0868

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect