Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-0868
Last Modified: 03 Jan 2013 11:36:03
Published: 18 Jul 2012 07:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0868

Summary

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Vulnerable Systems

Application

  • PostgreSQL 8.3
  • PostgreSQL 8.3.1
  • PostgreSQL 8.3.10
  • PostgreSQL 8.3.11
  • PostgreSQL 8.3.12
  • PostgreSQL 8.3.13
  • PostgreSQL 8.3.14
  • PostgreSQL 8.3.15
  • PostgreSQL 8.3.16
  • PostgreSQL 8.3.17
  • PostgreSQL 8.3.2
  • PostgreSQL 8.3.3
  • PostgreSQL 8.3.4
  • PostgreSQL 8.3.5
  • PostgreSQL 8.3.6
  • PostgreSQL 8.3.7
  • PostgreSQL 8.3.8
  • PostgreSQL 8.3.9
  • PostgreSQL 8.4
  • PostgreSQL 8.4.1
  • PostgreSQL 8.4.10
  • PostgreSQL 8.4.2
  • PostgreSQL 8.4.3
  • PostgreSQL 8.4.4
  • PostgreSQL 8.4.5
  • PostgreSQL 8.4.6
  • PostgreSQL 8.4.7
  • PostgreSQL 8.4.8
  • PostgreSQL 8.4.9
  • PostgreSQL 9.0
  • PostgreSQL 9.0.1
  • PostgreSQL 9.0.2
  • PostgreSQL 9.0.3
  • PostgreSQL 9.0.4
  • PostgreSQL 9.0.5
  • PostgreSQL 9.0.6
  • PostgreSQL 9.1
  • PostgreSQL 9.1.1
  • PostgreSQL 9.1.2


References

CONFIRM - http://www.postgresql.org/docs/9.1/static/release-9-1-3.html

CONFIRM - http://www.postgresql.org/docs/9.0/static/release-9-0-7.html

CONFIRM - http://www.postgresql.org/docs/8.4/static/release-8-4-11.html

CONFIRM - http://www.postgresql.org/docs/8.3/static/release-8-3-18.html

CONFIRM - http://www.postgresql.org/about/news/1377/

MANDRIVA - MDVSA-2012:027

MANDRIVA - MDVSA-2012:026

DEBIAN - DSA-2418

REDHAT - RHSA-2012:0678

REDHAT - RHSA-2012:0677

SUSE - openSUSE-SU-2012:1173

SECUNIA - 49273

SECUNIA - 49272

Related Patches

Red Hat 2012:0677-01 RHSA Moderate: postgresql security update for RHEL 5 x86

Red Hat 2012:0678-01 RHSA Moderate: postgresql and postgresql84 security update for RHEL 5 x86

Novell SUSE 2012:6023 postgresql security update for SLE 11 SP1 i586

Novell SUSE 2012:6023 postgresql security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8071 postgresql security update for SLE 10 SP4 i586

Novell SUSE 2012:8071 postgresql security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:54:55