VID | 25075
Severity | 30
Port | 5432
Protocol | TCP
Class | DB
Detailed Description |
The PostgreSQL server, according to its version number, has an authentication bypass vulnerability. PostgreSQL is an object-relational database management system (DBMS) that supports an extended subset of SQL. The version of PostgreSQL running on the remote host has an authentication bypass vulnerability. If PostgreSQL is using LDAP authentication, and the LDAP server is configured to allow anonymous binds, it may be possible to log into the PostgreSQL server using a blank password. A remote attacker could exploit this to gain access to the database server, possibly as an administrator.
* Note: This check relied solely on the version number of the remote PostgreSQL server to assess this vulnerability, so it might be a false positive.
* References: http://www.postgresql.org/about/news.1135 ; http://www.postgresql.org/support/security
* Platforms Affected: PostgreSQL versions before 8.2.14/8.3.8; any operating system; any version
Recommendation |
Upgrade to the latest version of PostgreSQL (8.2.14/8.3.8 or later), available from the PostgreSQL FTP web page at http://wwwmaster.postgresql.org/ftp/
Related URL | CVE-2009-3231 (CVE)
Related URL | 36314 (SecurityFocus)
Related URL | (ISS)