[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Argument injection vulnerability in PostgreSQL via a connection request

ID: oval:org.secpod.oval:def:15486Date: (C)2013-09-20   (M)2024-02-19
Class: VULNERABILITYFamily: macos




The host is installed with Apple Mac OS X Lion 10.7 through 10.7.5, Mac OS X Mountain Lion 10.8 through 10.8.4 and is prone to argument injection vulnerability. The flaw is present in the in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13, which fails to handle a connection request using a database name that begins with a "-" (hyphen). Successful exploitation allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code.

Platform:
Apple Mac OS X 10.7
Apple Mac OS X Server 10.7
Apple Mac OS X 10.8
Apple Mac OS X Server 10.8
Reference:
CVE-2013-1899
CVE    1
CVE-2013-1899
CPE    2
cpe:/o:apple:mac_os_x
cpe:/o:apple:mac_os_x_server

© SecPod Technologies