Denial of Service : PostgreSQL Denial of Service Vulnerability (Apr 2013)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803473

Categoría: Denial of Service

Título: PostgreSQL Denial of Service Vulnerability (Apr 2013) - Windows

Resumen: PostgreSQL is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
PostgreSQL is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
Improper validation of connection request that contains database name
begins with the '-' symbol.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary
SQL query, gain access or manipulate arbitrary files, and cause denial of service.

Affected Software/OS:
PostgreSQL version 9.2.x before 9.2.4, 9.1.x before 9.1.9, and
9.0.x before 9.0.13.

Solution:
Upgrade to PostgreSQL 9.0.13, 9.1.9, 9.2.4 or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1899
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
Debian Security Information: DSA-2658 (Google Search)
http://www.debian.org/security/2013/dsa-2658
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
SuSE Security Announcement: SUSE-SU-2013:0633 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html
SuSE Security Announcement: openSUSE-SU-2013:0627 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html
SuSE Security Announcement: openSUSE-SU-2013:0628 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html
SuSE Security Announcement: openSUSE-SU-2013:0635 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html
http://www.ubuntu.com/usn/USN-1789-1

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803473
Categoría:	Denial of Service
Título:	PostgreSQL Denial of Service Vulnerability (Apr 2013) - Windows
Resumen:	PostgreSQL is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: PostgreSQL is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Improper validation of connection request that contains database name begins with the '-' symbol. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary SQL query, gain access or manipulate arbitrary files, and cause denial of service. Affected Software/OS: PostgreSQL version 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13. Solution: Upgrade to PostgreSQL 9.0.13, 9.1.9, 9.2.4 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1899 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html Debian Security Information: DSA-2658 (Google Search) http://www.debian.org/security/2013/dsa-2658 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:142 SuSE Security Announcement: SUSE-SU-2013:0633 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html SuSE Security Announcement: openSUSE-SU-2013:0627 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html SuSE Security Announcement: openSUSE-SU-2013:0628 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html SuSE Security Announcement: openSUSE-SU-2013:0635 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html http://www.ubuntu.com/usn/USN-1789-1
Copyright	Copyright (C) 2013 Greenbone AG