Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2013-0255
Last Modified 03 Jan 2014 11:44:01
Published 12 Feb 2013 08:55:04
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-0255

Summary

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.

Vulnerable Systems

Application

  • Postgresql 8.3

  • Postgresql 8.3.1

  • Postgresql 8.3.10

  • Postgresql 8.3.11

  • Postgresql 8.3.12

  • Postgresql 8.3.13

  • Postgresql 8.3.14

  • Postgresql 8.3.15

  • Postgresql 8.3.16

  • Postgresql 8.3.17

  • Postgresql 8.3.18

  • Postgresql 8.3.19

  • Postgresql 8.3.2

  • Postgresql 8.3.20

  • Postgresql 8.3.21

  • Postgresql 8.3.22

  • Postgresql 8.3.3

  • Postgresql 8.3.4

  • Postgresql 8.3.5

  • Postgresql 8.3.6

  • Postgresql 8.3.7

  • Postgresql 8.3.8

  • Postgresql 8.3.9

  • Postgresql 8.4

  • Postgresql 8.4.1

  • Postgresql 8.4.10

  • Postgresql 8.4.11

  • Postgresql 8.4.12

  • Postgresql 8.4.13

  • Postgresql 8.4.14

  • Postgresql 8.4.15

  • Postgresql 8.4.2

  • Postgresql 8.4.3

  • Postgresql 8.4.4

  • Postgresql 8.4.5

  • Postgresql 8.4.6

  • Postgresql 8.4.7

  • Postgresql 8.4.8

  • Postgresql 8.4.9

  • Postgresql 9.0

  • Postgresql 9.0.1

  • Postgresql 9.0.10

  • Postgresql 9.0.11

  • Postgresql 9.0.2

  • Postgresql 9.0.3

  • Postgresql 9.0.4

  • Postgresql 9.0.5

  • Postgresql 9.0.6

  • Postgresql 9.0.7

  • Postgresql 9.0.8

  • Postgresql 9.0.9

  • Postgresql 9.1

  • Postgresql 9.1.1

  • Postgresql 9.1.2

  • Postgresql 9.1.3

  • Postgresql 9.1.4

  • Postgresql 9.1.5

  • Postgresql 9.1.6

  • Postgresql 9.1.7


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=907892

XF - postgresql-enumrecv-dos(81917)

UBUNTU - USN-1717-1

BID - 57844

CONFIRM - http://www.postgresql.org/docs/9.2/static/release-9-2-3.html

CONFIRM - http://www.postgresql.org/docs/9.1/static/release-9-1-8.html

CONFIRM - http://www.postgresql.org/docs/9.0/static/release-9-0-12.html

CONFIRM - http://www.postgresql.org/docs/8.4/static/release-8-4-16.html

CONFIRM - http://www.postgresql.org/docs/8.3/static/release-8-3-23.html

SECTRACK - 1028092

SECUNIA - 51923

OSVDB - 89935

FEDORA - FEDORA-2013-2123

DEBIAN - DSA-2630

SUSE - openSUSE-SU-2013:0319

SUSE - openSUSE-SU-2013:0318

CONFIRM - https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index

SECUNIA - 52819

MANDRIVA - MDVSA-2013:142

REDHAT - RHSA-2013:1475

Related Patches

SUN138822-12 Solaris 10 SPARC: PostgreSQL 8.3 documentation patch

SUN138823-12 Solaris 10 x86: PostgreSQL 8.3 documentation patch

SUN138824-12 Solaris 10 SPARC: PostgreSQL 8.3 source code patch

SUN138825-12 Solaris 10 x86: PostgreSQL 8.3 source code patch

SUN138826-12 Solaris 10 SPARC: PostgreSQL 8.3 core patch

SUN138827-12 Solaris 10 x86: PostgreSQL 8.3 core patch


Last Updated: 27 May 2016 11:01:50