Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PostgreSQL < 8.4.17 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is vulnerable to multiple vulnerabilities

Description

Versions of PostgreSQL earlier than 9.1.9 or 9.2.4 and are potentially affected by the following vulnerabilities :

- An information disclosure due to an error in the 'contrib\pgcrypto' functions. (CVE-2013-1900)

- An insecure temporary file-creation, specifically occurs when a file with a predictable filename in the '/tmp' directory is created. (CVE-2013-1902)

- A password disclosure vulnerability occurs due to the application passing the database superuser passwords to a script, specifically exists in the graphical installers package. (CVE-2013-1093)

Solution

Upgrade to PostgreSQL 8.4.17 or later.