CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile
99.8%
Issue Overview:
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a “-” (hyphen).
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the “contrib/pgcrypto functions.”
Affected Packages:
postgresql9
Issue Correction:
Run yum update postgresql9 to update your system.
New Packages:
i686:
postgresql9-libs-9.2.4-1.35.amzn1.i686
postgresql9-plperl-9.2.4-1.35.amzn1.i686
postgresql9-docs-9.2.4-1.35.amzn1.i686
postgresql9-contrib-9.2.4-1.35.amzn1.i686
postgresql9-pltcl-9.2.4-1.35.amzn1.i686
postgresql9-test-9.2.4-1.35.amzn1.i686
postgresql9-devel-9.2.4-1.35.amzn1.i686
postgresql9-9.2.4-1.35.amzn1.i686
postgresql9-plpython-9.2.4-1.35.amzn1.i686
postgresql9-upgrade-9.2.4-1.35.amzn1.i686
postgresql9-debuginfo-9.2.4-1.35.amzn1.i686
postgresql9-server-9.2.4-1.35.amzn1.i686
src:
postgresql9-9.2.4-1.35.amzn1.src
x86_64:
postgresql9-test-9.2.4-1.35.amzn1.x86_64
postgresql9-server-9.2.4-1.35.amzn1.x86_64
postgresql9-docs-9.2.4-1.35.amzn1.x86_64
postgresql9-debuginfo-9.2.4-1.35.amzn1.x86_64
postgresql9-pltcl-9.2.4-1.35.amzn1.x86_64
postgresql9-upgrade-9.2.4-1.35.amzn1.x86_64
postgresql9-devel-9.2.4-1.35.amzn1.x86_64
postgresql9-libs-9.2.4-1.35.amzn1.x86_64
postgresql9-plperl-9.2.4-1.35.amzn1.x86_64
postgresql9-9.2.4-1.35.amzn1.x86_64
postgresql9-plpython-9.2.4-1.35.amzn1.x86_64
postgresql9-contrib-9.2.4-1.35.amzn1.x86_64
Red Hat: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
Mitre: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | postgresql9-libs | < 9.2.4-1.35.amzn1 | postgresql9-libs-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9-plperl | < 9.2.4-1.35.amzn1 | postgresql9-plperl-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9-docs | < 9.2.4-1.35.amzn1 | postgresql9-docs-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9-contrib | < 9.2.4-1.35.amzn1 | postgresql9-contrib-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9-pltcl | < 9.2.4-1.35.amzn1 | postgresql9-pltcl-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9-test | < 9.2.4-1.35.amzn1 | postgresql9-test-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9-devel | < 9.2.4-1.35.amzn1 | postgresql9-devel-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9 | < 9.2.4-1.35.amzn1 | postgresql9-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9-plpython | < 9.2.4-1.35.amzn1 | postgresql9-plpython-9.2.4-1.35.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | postgresql9-upgrade | < 9.2.4-1.35.amzn1 | postgresql9-upgrade-9.2.4-1.35.amzn1.i686.rpm |