| VuXML ID | Description |
| e7bc5600-eaa0-11de-bd9c-00215c6a37bb | postgresql -- multiple vulnerabilities
PostgreSQL project reports:
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly handle a '\0' character
in a domain name in the subject's Common Name (CN) field of an
X.509 certificate, which (1) allows man-in-the-middle attackers
to spoof arbitrary SSL-based PostgreSQL servers via a crafted
server certificate issued by a legitimate Certification Authority,
and (2) allows remote attackers to bypass intended client-hostname
restrictions via a crafted client certificate issued by a legitimate
Certification Authority, a related issue to CVE-2009-2408.
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly manage session-local
state during execution of an index function by a database
superuser, which allows remote authenticated users to gain
privileges via a table with crafted index functions, as
demonstrated by functions that modify (1) search_path or
(2) a prepared statement, a related issue to CVE-2007-6600
and CVE-2009-3230.
Discovery: 2009-11-20
Entry: 2009-12-17
Affected packages: postgresql-client, postgresql-server
Affected versions:
- ge 7.4 lt 7.4.27
- ge 8.0 lt 8.0.23
- ge 8.1 lt 8.1.19
- ge 8.2 lt 8.2.15
- ge 8.3 lt 8.3.9
- ge 8.4 lt 8.4.2
References:
- CVE-2009-4034
- CVE-2009-4136
|
| 174b8864-6237-11e1-be18-14dae938ec40 | databases/postgresql*-client -- multiple vulnerabilities
The PostgreSQL Global Development Group reports:
These vulnerabilities could allow users to define triggers that
execute functions on which the user does not have EXECUTE
permission, allow SSL certificate spoofing and allow line breaks
in object names to be exploited to execute code when loading a
pg_dump file.
Discovery: 2012-02-27
Entry: 2012-02-28
Affected packages: postgresql-client
Affected versions:
- lt 8.3.18
- ge 8.4 lt 8.4.11
- ge 9 lt 9.0.7
- ge 9.1 lt 9.1.3
References:
- CVE-2012-0866
- CVE-2012-0867
- CVE-2012-0868
- http://www.postgresql.org/about/news/1377/
|