Argument injection vulnerability in PostgreSQL 9.2.x prior to 9.2.4, 9.1.x prior to 9.1.9, and 9.0.x prior to 9.0.13 allows remote malicious users to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Vulnerable Product |
---|
postgresql postgresql 9.2.1 |
postgresql postgresql 9.2 |
postgresql postgresql 9.2.2 |
postgresql postgresql 9.2.3 |
postgresql postgresql 9.1 |
postgresql postgresql 9.1.2 |
postgresql postgresql 9.1.3 |
postgresql postgresql 9.1.6 |
postgresql postgresql 9.1.7 |
postgresql postgresql 9.1.4 |
postgresql postgresql 9.1.8 |
postgresql postgresql 9.1.1 |
postgresql postgresql 9.1.5 |
postgresql postgresql 9.0.8 |
postgresql postgresql 9.0.7 |
postgresql postgresql 9.0.1 |
postgresql postgresql 9.0.11 |
postgresql postgresql 9.0.10 |
postgresql postgresql 9.0 |
postgresql postgresql 9.0.3 |
postgresql postgresql 9.0.9 |
postgresql postgresql 9.0.4 |
postgresql postgresql 9.0.5 |
postgresql postgresql 9.0.2 |
postgresql postgresql 9.0.6 |
postgresql postgresql 9.0.12 |
canonical ubuntu linux 8.04 |
canonical ubuntu linux 11.10 |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 12.10 |
canonical ubuntu linux 12.04 |

Crashable and hackable
The maintainers of the PostgreSQL database have released an urgent patch to cope with a vulnerability that allows remote users to crash servers, while authenticated users can execute arbitrary code. It's time for admins to get busy: the Shodan tool identifies around 170,000 servers that are visible from the Internet. As the advisory CVE-2013-1899 notes, an argument injection vulnerability “allows remote attackers to cause a denial of service (file corruption), and allows remote authentic...