[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-834-1 -- PostgreSQL vulnerabilities

ID: oval:org.secpod.oval:def:700403Date: (C)2011-05-13   (M)2017-10-04
Class: PATCHFamily: unix




It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. It was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS

Platform:
Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product:
PostgreSQL
Reference:
USN-834-1
CVE-2009-3229
CVE-2009-3230
CVE-2009-3231
CVE-2007-6600
CVE    4
CVE-2009-3231
CVE-2009-3229
CVE-2009-3230
CVE-2007-6600
...
CPE    89
cpe:/o:ubuntu:ubuntu_linux:8.04
cpe:/a:postgresql:postgresql:7.4.19
cpe:/a:postgresql:postgresql:8.2.9
cpe:/a:postgresql:postgresql:8.2.8
...

© 2013 SecPod Technologies