Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2009-3231
Last Modified: 26 Mar 2010 01:33:36
Published: 17 Sep 2009 06:30:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-3231

Summary

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Vulnerable Systems

Application

  • PostgreSQL 8.2
  • PostgreSQL 8.2.1
  • PostgreSQL 8.2.10
  • PostgreSQL 8.2.11
  • PostgreSQL 8.2.12
  • PostgreSQL 8.2.13
  • PostgreSQL 8.2.2
  • PostgreSQL 8.2.3
  • PostgreSQL 8.2.4
  • PostgreSQL 8.2.5
  • PostgreSQL 8.2.6
  • PostgreSQL 8.2.7
  • PostgreSQL 8.2.8
  • PostgreSQL 8.2.9
  • PostgreSQL 8.3
  • PostgreSQL 8.3.1
  • PostgreSQL 8.3.2
  • PostgreSQL 8.3.3
  • PostgreSQL 8.3.4
  • PostgreSQL 8.3.5
  • PostgreSQL 8.3.6
  • PostgreSQL 8.3.7


References

FEDORA - FEDORA-2009-9474

FEDORA - FEDORA-2009-9473

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=522084

DEBIAN - DSA-1900

UBUNTU - USN-834-1

BID - 36314

BUGTRAQ - 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server

CONFIRM - http://www.postgresql.org/support/security.html

CONFIRM - http://www.postgresql.org/docs/8.3/static/release-8-3-8.html

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012

SECUNIA - 36837

SECUNIA - 36800

SECUNIA - 36727

SECUNIA - 36660

SUSE - SUSE-SR:2009:017

SUSE - SUSE-SR:2009:016


Last Updated: 27 May 2016 10:51:10