Argument injection vulnerability in PostgreSQL via a connection requestID: oval:org.secpod.oval:def:15486 | Date: (C)2013-09-20 (M)2024-02-19 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS X Lion 10.7 through 10.7.5, Mac OS X Mountain Lion 10.8 through 10.8.4 and is prone to argument injection vulnerability. The flaw is present in the in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13, which fails to handle a connection request using a database name that begins with a "-" (hyphen). Successful exploitation allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code.
Platform: |
Apple Mac OS X 10.7 |
Apple Mac OS X Server 10.7 |
Apple Mac OS X 10.8 |
Apple Mac OS X Server 10.8 |