CVE-2013-1899

Published: 04/04/2013 Updated: 01/12/2013
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 730
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Argument injection vulnerability in PostgreSQL 9.2.x prior to 9.2.4, 9.1.x prior to 9.1.9, and 9.0.x prior to 9.0.13 allows remote malicious users to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Vulnerable Product

postgresql postgresql 9.2.1

postgresql postgresql 9.2

postgresql postgresql 9.2.2

postgresql postgresql 9.2.3

postgresql postgresql 9.1

postgresql postgresql 9.1.2

postgresql postgresql 9.1.3

postgresql postgresql 9.1.6

postgresql postgresql 9.1.7

postgresql postgresql 9.1.4

postgresql postgresql 9.1.8

postgresql postgresql 9.1.1

postgresql postgresql 9.1.5

postgresql postgresql 9.0.8

postgresql postgresql 9.0.7

postgresql postgresql 9.0.1

postgresql postgresql 9.0.11

postgresql postgresql 9.0.10

postgresql postgresql 9.0

postgresql postgresql 9.0.3

postgresql postgresql 9.0.9

postgresql postgresql 9.0.4

postgresql postgresql 9.0.5

postgresql postgresql 9.0.2

postgresql postgresql 9.0.6

postgresql postgresql 9.0.12

canonical ubuntu linux 8.04

canonical ubuntu linux 11.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

Vendor Advisories

Debian Bug report logs - #704479 postgresql: high-exposure security vulnerability. Package: postgresql-9.1; Maintainer for postgresql-9.1 is Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>; Reported by: Hleb Valoshka <375gnu@gmail.com>; Date: Mon, 1 Apr 2013 17:33:01 UTC; Severity: critica ...
Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899: Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center discovered that it was possible for a connection request containing a database name that begins with - to be crafted that can damage or destroy files within a server's data di ...
A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. For the stable distribution (squeeze), this problem has been fixed in version 8.4.17-0squeeze1. For the testing (wheezy) and unstable distribution (sid), postgresql-8.4 packages have be ...
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "- ...

Exploits

This module can identify PostgreSQL 9.0, 9.1, and 9.2 servers that are vulnerable to command-line flag injection through CVE-2013-1899. This can lead to denial of service, privilege escalation, or even arbitrary code execution ...

Metasploit Modules

PostgreSQL Database Name Command Line Flag Injection

This module can identify PostgreSQL 9.0, 9.1, and 9.2 servers that are vulnerable to command-line flag injection through CVE-2013-1899. This can lead to denial of service, privilege escalation, or even arbitrary code execution.

msf > use auxiliary/scanner/postgres/postgres_dbname_flag_injection
msf auxiliary(postgres_dbname_flag_injection) > show actions
    ...actions...
msf auxiliary(postgres_dbname_flag_injection) > set ACTION <action-name>
msf auxiliary(postgres_dbname_flag_injection) > show options
    ...show and set options...
msf auxiliary(postgres_dbname_flag_injection) > run

Recent Articles

Patch time for PostgreSQL
The Register • Richard Chirgwin • 04 Apr 2013

Crashable and hackable

The maintainers of the PostgreSQL database have released an urgent patch to cope with a vulnerability that allows remote users to crash servers, while authenticated users can execute arbitrary code. It's time for admins to get busy: the Shodan tool identifies around 170,000 servers that are visible from the Internet, here. As the advisory CVE-2013-1899 notes, an argument injection vulnerability “allows remote attackers to cause a denial of service (file corruption), and allows remote authentic...