CVE-2012-0868

medium

Description

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html

http://rhn.redhat.com/errata/RHSA-2012-0677.html

http://rhn.redhat.com/errata/RHSA-2012-0678.html

http://secunia.com/advisories/49272

http://secunia.com/advisories/49273

http://www.debian.org/security/2012/dsa-2418

http://www.mandriva.com/security/advisories?name=MDVSA-2012:026

http://www.mandriva.com/security/advisories?name=MDVSA-2012:027

http://www.postgresql.org/about/news/1377/

http://www.postgresql.org/docs/8.3/static/release-8-3-18.html

http://www.postgresql.org/docs/8.4/static/release-8-4-11.html

http://www.postgresql.org/docs/9.0/static/release-9-0-7.html

http://www.postgresql.org/docs/9.1/static/release-9-1-3.html

Details

Source: MITRE

Published: 2012-07-18

Updated: 2016-12-08

Type: CWE-89

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
74756 | openSUSE Security Update : postgresql (openSUSE-SU-2012:1173-1) | Nessus | SuSE Local Security Checks | medium
74591 | openSUSE Security Update : postgresql (openSUSE-SU-2012:0480-1) | Nessus | SuSE Local Security Checks | medium
69689 | Amazon Linux AMI : postgresql8 (ALAS-2012-82) | Nessus | Amazon Linux Local Security Checks | medium
68529 | Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2012-0678) | Nessus | Oracle Linux Local Security Checks | medium
68528 | Oracle Linux 5 : postgresql (ELSA-2012-0677) | Nessus | Oracle Linux Local Security Checks | medium
6817 | PostgreSQL < 8.4.11 / 9.0.7 / 9.1.3 Multiple Vulnerabilities | Nessus Network Monitor | Database | medium
64215 | SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6023) | Nessus | SuSE Local Security Checks | medium
63355 | PostgreSQL 8.3 < 8.3.18 Multiple Vulnerabilities | Nessus | Databases | high
63352 | PostgreSQL 8.4 < 8.4.11 / 9.0 < 9.0.7 / 9.1 < 9.1.3 Multiple Vulnerabilities | Nessus | Databases | medium
62380 | GLSA-201209-24 : PostgreSQL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium
61317 | Scientific Linux Security Update : postgresql on SL5.x i386/x86_64 (20120521) | Nessus | Scientific Linux Local Security Checks | medium
61316 | Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20120521) | Nessus | Scientific Linux Local Security Checks | medium
59384 | SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8071) | Nessus | SuSE Local Security Checks | medium
59223 | RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2012:0678) | Nessus | Red Hat Local Security Checks | medium
59222 | RHEL 5 : postgresql (RHSA-2012:0677) | Nessus | Red Hat Local Security Checks | medium
59214 | CentOS 5 / 6 : postgresql / postgresql84 (CESA-2012:0678) | Nessus | CentOS Local Security Checks | medium
59213 | CentOS 5 : postgresql (CESA-2012:0677) | Nessus | CentOS Local Security Checks | medium
58282 | Fedora 16 : postgresql-9.1.3-1.fc16 (2012-2591) | Nessus | Fedora Local Security Checks | medium
58281 | Fedora 15 : postgresql-9.0.7-1.fc15 (2012-2589) | Nessus | Fedora Local Security Checks | medium
58257 | Fedora 17 : postgresql-9.1.3-1.fc17 (2012-2508) | Nessus | Fedora Local Security Checks | medium
58177 | Mandriva Linux Security Advisory : postgresql (MDVSA-2012:026) | Nessus | Mandriva Local Security Checks | medium
58168 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities (USN-1378-1) | Nessus | Ubuntu Local Security Checks | medium
58162 | FreeBSD : databases/postgresql*-client -- multiple vulnerabilities (174b8864-6237-11e1-be18-14dae938ec40) | Nessus | FreeBSD Local Security Checks | medium
6337 | PostgreSQL < 9.1.3 / 9.0.7 / 8.4.11 Multiple Vulnerabilities | Nessus Network Monitor | Database | medium
6336 | PostgreSQL 8.3.x < 8.3.18 Multiple Vulnerabilities | Nessus Network Monitor | Database | medium
58135 | Debian DSA-2418-1 : postgresql-8.4 - several vulnerabilities | Nessus | Debian Local Security Checks | medium