CVE-2013-1901
https://notcve.org/view.php?id=CVE-2013-1901
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. PostgreSQL v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9 no comprueba correctamente los privilegios de "REPLICATION", lo que permite a usuarios remotos autenticados para eludir restricciones de seguridad destinados a la llamada (1) pg_start_backup o las funciones (2) pg_stop_backup. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-1900 – postgresql: Improper randomization of pgcrypto functions (requiring random seed)
https://notcve.org/view.php?id=CVE-2013-1900
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." PostgreSQL v9.2.x anterior a v9.2.4, v9.1.x anterior a v9.1.9, v9.0.x anterior a v9.0.13, y v8.4.x anterior a v8.4.17 cuando se utiliza OpenSSL, genera números insuficiente aleatorios, lo que podría permitir a usuarios remotos autenticados provocar un impacto no especificado a través de vectores relacionados con las funciones "contrib/pgcrypto". • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2 • CWE-189: Numeric Errors •
CVE-2013-0255 – postgresql: array indexing error in enum_recv()
https://notcve.org/view.php?id=CVE-2013-0255
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. PostgreSQL v9.2.x anteriores a v9.2.3, v9.1.x anteriores a v9.1.8, v9.0.x anteriores a v9.0.12, v8.4.x anteriores a v8.4.16, y v8.3.x anteriores a v8.3.23 no declaran correctamente la función enum_recv en backend/utils/adt/enum.c, lo cual provoca que se invoque con argumentos incorrectos y permitiendo que usuarios remotos autenticados causen una denegación de servicio (caída del servidor)o la lectura de procesos de memoria a través de un comando SQL manipulado que provoca un error de indexación del array y lectura fuera de rango. • http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098586.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00060.html http://osvdb.org/89935 http://rhn.redhat.com/errata/RHSA-2013-1475.html http://secunia.com/advisories/51923 http://secunia.com/advisories/52819 http://securitytracker.com/id?1028092 http://www.debian.org/security/2013/dsa-2630 http://www.mandriva.com/security/advisories? • CWE-20: Improper Input Validation •
CVE-2004-0977
https://notcve.org/view.php?id=CVE-2004-0977
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300 http://marc.info/?l=bugtraq&m=109910073808903&w=2 http://security.gentoo.org/glsa/glsa-200410-16.xml http://www.debian.org/security/2004/dsa-577 http://www.mandriva.com/security/advisories?name=MDKSA-2004:149 http://www.redhat.com/support/errata/RHSA-2004-489.html http://www.securityfocus.com/bid/11295 http://www.trustix.org/errata/2004/0050 https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 https:/ •