CVE-2013-1900

Published: 04/04/2013 Updated: 20/10/2017
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 758
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

PostgreSQL 9.2.x prior to 9.2.4, 9.1.x prior to 9.1.9, 9.0.x prior to 9.0.13, and 8.4.x prior to 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

Vulnerable Product

postgresql postgresql 9.2.2

postgresql postgresql 9.2.1

postgresql postgresql 9.2

postgresql postgresql 9.2.3

postgresql postgresql 9.1.6

postgresql postgresql 9.1

postgresql postgresql 9.1.1

postgresql postgresql 9.1.5

postgresql postgresql 9.1.8

postgresql postgresql 9.1.2

postgresql postgresql 9.1.7

postgresql postgresql 9.1.3

postgresql postgresql 9.1.4

postgresql postgresql 9.0.12

postgresql postgresql 9.0

postgresql postgresql 9.0.5

postgresql postgresql 9.0.1

postgresql postgresql 9.0.2

postgresql postgresql 9.0.8

postgresql postgresql 9.0.7

postgresql postgresql 9.0.11

postgresql postgresql 9.0.10

postgresql postgresql 9.0.3

postgresql postgresql 9.0.9

postgresql postgresql 9.0.6

postgresql postgresql 9.0.4

postgresql postgresql 8.4.15

postgresql postgresql 8.4.6

postgresql postgresql 8.4

postgresql postgresql 8.4.4

postgresql postgresql 8.4.16

postgresql postgresql 8.4.5

postgresql postgresql 8.4.11

postgresql postgresql 8.4.3

postgresql postgresql 8.4.7

postgresql postgresql 8.4.12

postgresql postgresql 8.4.1

postgresql postgresql 8.4.9

postgresql postgresql 8.4.2

postgresql postgresql 8.4.13

postgresql postgresql 8.4.14

postgresql postgresql 8.4.10

postgresql postgresql 8.4.8

canonical ubuntu linux 8.04

canonical ubuntu linux 11.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

Vendor Advisories

Synopsis: Moderate: postgresql and postgresql84 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having mo ...
Debian Bug report logs - #704479 postgresql: high-exposure security vulnerability. Package: postgresql-91; Maintainer for postgresql-91 is Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>; Reported by: Hleb Valoshka <375gnu@gmail.com>; Date: Mon, 1 Apr 2013 17:33:01 UTC; Severity: critica ...
Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899: Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center discovered that it was possible for a connection request containing a database name that begins with - to be crafted that can damage or destroy files within a server's data di ...
A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. For the stable distribution (squeeze), this problem has been fixed in version 8.4.17-0squeeze1. For the testing (wheezy) and unstable distribution (sid), postgresql-84 packages have be ...
An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (d ...
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "- ...
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions" ...