Security bypass vulnerability in PostgreSQL via REPLICATION privileges
ID: oval:org.secpod.oval:def:15488 | Date: (C)2013-09-20 (M)2024-02-19 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS X Lion 10.7 through 10.7.5 or Mac OS X Mountain Lion 10.8 through 10.8.4 and is prone to a security bypass vulnerability. The flaw is present in PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9, which does not properly check REPLICATION privileges. Successful exploitation allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
Platform: |
Apple Mac OS X 10.7 |
Apple Mac OS X Server 10.7 |
Apple Mac OS X 10.8 |
Apple Mac OS X Server 10.8 |