Lucene search

MitreCVE-2009-3231

HistorySep 17, 2009 - 10:30 a.m.

CVE-2009-3231

2009-09-1710:30:01

CWE-287

mitre

web.nvd.nist.gov

130

postgresql

core server

ldap authentication

remote attackers

bypass authentication

empty password

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.8

Confidence

High

EPSS

0.014

Percentile

86.6%

JSON

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Affected configurations

Nvd

Node

postgresqlpostgresqlRange8.2–8.2.14

postgresqlpostgresqlRange8.3–8.3.8

Node

opensuseopensuseRange10.3–11.1

suselinux_enterpriseMatch10.0sp2

suselinux_enterpriseMatch11.0-

suselinux_enterprise_serverMatch9

Node

fedoraprojectfedoraMatch10

fedoraprojectfedoraMatch11

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04-

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

VendorProductVersionCPE
postgresqlpostgresql*cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
opensuseopensuse*cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
suselinux_enterprise10.0cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*
suselinux_enterprise11.0cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
suselinux_enterprise_server9cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
fedoraprojectfedora10cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
fedoraprojectfedora11cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonicalubuntu_linux8.10cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
postgresql	postgresql	*	cpe:2.3:a:postgresql:postgresql::::::::
opensuse	opensuse	*	cpe:2.3:o:opensuse:opensuse::::::::
suse	linux_enterprise	10.0	cpe:2.3:o:suse:linux_enterprise:10.0:sp2::::::
suse	linux_enterprise	11.0	cpe:2.3:o:suse:linux_enterprise:11.0:-::::::
suse	linux_enterprise_server	9	cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
fedoraproject	fedora	10	cpe:2.3:o:fedoraproject:fedora:10:::::::*
fedoraproject	fedora	11	cpe:2.3:o:fedoraproject:fedora:11:::::::*
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
canonical	ubuntu_linux	8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*