Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-0867
Last Modified: 03 Jan 2013 11:36:03
Published: 18 Jul 2012 07:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0867

Summary

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Vulnerable Systems

Application

  • PostgreSQL 8.4
  • PostgreSQL 8.4.1
  • PostgreSQL 8.4.2
  • PostgreSQL 8.4.3
  • PostgreSQL 8.4.4
  • PostgreSQL 8.4.5
  • PostgreSQL 8.4.6
  • PostgreSQL 8.4.7
  • PostgreSQL 8.4.8
  • PostgreSQL 8.4.9
  • PostgreSQL 8.4.10
  • PostgreSQL 9.0
  • PostgreSQL 9.0.1
  • PostgreSQL 9.0.2
  • PostgreSQL 9.0.3
  • PostgreSQL 9.0.4
  • PostgreSQL 9.0.5
  • PostgreSQL 9.0.6
  • PostgreSQL 9.1
  • PostgreSQL 9.1.1
  • PostgreSQL 9.1.2


References

CONFIRM - http://www.postgresql.org/docs/9.1/static/release-9-1-3.html

CONFIRM - http://www.postgresql.org/docs/9.0/static/release-9-0-7.html

CONFIRM - http://www.postgresql.org/docs/8.4/static/release-8-4-11.html

CONFIRM - http://www.postgresql.org/about/news/1377/

MANDRIVA - MDVSA-2012:026

DEBIAN - DSA-2418

REDHAT - RHSA-2012:0678

SUSE - openSUSE-SU-2012:1173

SECUNIA - 49273

Related Patches

Red Hat 2012:0678-01 RHSA Moderate: postgresql and postgresql84 security update for RHEL 5 x86


Last Updated: 27 May 2016 10:54:55