CVE-2013-1901

Published: 04/04/2013 Updated: 01/12/2013
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

PostgreSQL 9.2.x prior to 9.2.4 and 9.1.x prior to 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

Vulnerable Product

postgresql postgresql 9.2.2

postgresql postgresql 9.2.3

postgresql postgresql 9.2.1

postgresql postgresql 9.2

postgresql postgresql 9.1.3

postgresql postgresql 9.1.6

postgresql postgresql 9.1

postgresql postgresql 9.1.7

postgresql postgresql 9.1.8

postgresql postgresql 9.1.5

postgresql postgresql 9.1.4

postgresql postgresql 9.1.2

postgresql postgresql 9.1.1

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

canonical ubuntu linux 8.04

canonical ubuntu linux 11.10

canonical ubuntu linux 10.04

Vendor Advisories

Debian Bug report logs - #704479 postgresql: high-exposure security vulnerability. Package: postgresql-9.1; Maintainer for postgresql-9.1 is Debian PostgreSQL Maintainers <pkg-postgresql-public@lists.alioth.debian.org>; Reported by: Hleb Valoshka <375gnu@gmail.com>; Date: Mon, 1 Apr 2013 17:33:01 UTC; Severity: critica ...

Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899: Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center discovered that it was possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data di ...

A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. For the stable distribution (squeeze), this problem has been fixed in version 8.4.17-0squeeze1. For the testing (wheezy) and unstable distribution (sid), postgresql-8.4 packages have be ...

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "- ...

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions ...