Описание
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Отчет
Not Vulnerable. This issue does not affect the version of postgresql as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of postgresql84 as shipped with Red Hat Enterprise Linux 5.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 5 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Not affected | ||
| Red Hat Enterprise Linux 6 | postgresql | Not affected | ||
| CloudForms Management Engine 5.x | cfme | Fixed | RHEA-2013:1487 | 31.10.2013 |
| CloudForms Management Engine 5.x | cfme-vnc-plugin | Fixed | RHEA-2013:1487 | 31.10.2013 |
| CloudForms Management Engine 5.x | libdnet | Fixed | RHEA-2013:1487 | 31.10.2013 |
| CloudForms Management Engine 5.x | lshw | Fixed | RHEA-2013:1487 | 31.10.2013 |
| CloudForms Management Engine 5.x | netapp-manageability-sdk | Fixed | RHEA-2013:1487 | 31.10.2013 |
| CloudForms Management Engine 5.x | open-vm-tools | Fixed | RHEA-2013:1487 | 31.10.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1 ...
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
5 Medium
CVSS2