CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence: High
EPSS
Percentile: 86.6%
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Vendor | Product | Version | CPE |
---|---|---|---|
postgresql | postgresql | * | cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
opensuse | opensuse | * | cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:* |
suse | linux_enterprise | 10.0 | cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:* |
suse | linux_enterprise | 11.0 | cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:* |
suse | linux_enterprise_server | 9 | cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* |
fedoraproject | fedora | 10 | cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* |
fedoraproject | fedora | 11 | cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 8.04 | cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* |
canonical | ubuntu_linux | 8.10 | cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
marc.info/?l=bugtraq&m=134124585221119&w=2
secunia.com/advisories/36660
secunia.com/advisories/36727
secunia.com/advisories/36800
secunia.com/advisories/36837
wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
www.postgresql.org/docs/8.3/static/release-8-3-8.html
www.postgresql.org/support/security.html
www.securityfocus.com/archive/1/509917/100/0/threaded
www.securityfocus.com/bid/36314
www.ubuntu.com/usn/usn-834-1
www.us.debian.org/security/2009/dsa-1900
bugzilla.redhat.com/show_bug.cgi?id=522084
www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html