Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PostgreSQL < 8.3.23 / 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is vulnerable to multiple vulnerabilities.

Description

Versions of PostgreSQL earlier than 8.3.23 / 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 and are potentially affected by the following vulnerabilities :

- An insecure temporary file-creation, specifically occurs when a file with a predictable filename in the '/tmp' directory is created. (CVE-2013-1902)

- A password disclosure vulnerability occurs due to the application passing the database superuser passwords to a script, specifically exists in the graphical installers package. (CVE-2013-1903)

Solution

Upgrade to PostgreSQL 8.3.23 / 8.4.17 / 9.0.13 / 9.1.9 / 9.2.4 or later.