VID |
25125 |
Severity |
30 |
Port |
5432 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The PostgreSQL server, according to its version number, is affected by a denial of service vulnerability due to a flaw in the enum_recv() function. PostgreSQL is an object-relational database management system (DBMS) that supports an extended subset of SQL. The vulnerability is caused by an input validation error within the "enum_recv()" function (backend/utils/adt/enum.c) and can be exploited to crash the server via a specially crafted SQL query.
* Note: This check relies solely on the version number reported by the remote PostgreSQL server, so the result may be a false positive. In particular, distribution packages that backport the fix without changing the reported version number will still be flagged; confirm against the package changelog before treating the finding as confirmed.
* References: http://www.postgresql.org/about/news/1446/ http://www.postgresql.org/docs/8.3/static/release-8-3-23.html http://www.postgresql.org/docs/8.4/static/release-8-4-16.html http://www.postgresql.org/docs/9.0/static/release-9-0-12.html http://www.postgresql.org/docs/9.1/static/release-9-1-8.html http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
* Platforms Affected: PostgreSQL prior to 8.3.23/8.4.16/9.0.12/9.1.8/9.2.3; any operating system, any version |
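The version comparison behind a check like this is easy to get wrong (a plain string comparison puts 9.2.3 before 9.2.10, and a branch-unaware comparison flags 8.4.16 as older than 9.0.11). The following is an added example, not code from the original page or from the PostgreSQL project or any scanner: it parses the banner returned by `SELECT version()`, looks up the fix release for the server's branch from the list given in this advisory, and reports "unknown" for branches older than 8.3, for which the advisory names no fix release. The banner strings are constructed samples, and the function and variable names are this example's own.

```python
import re

# Fix release in each affected branch, as listed in this advisory:
# 8.3.23, 8.4.16, 9.0.12, 9.1.8 and 9.2.3.
FIXED_PATCH = {
    (8, 3): 23,
    (8, 4): 16,
    (9, 0): 12,
    (9, 1): 8,
    (9, 2): 3,
}

# Matches the version in a `SELECT version()` banner, e.g.
# "PostgreSQL 9.2.2 on x86_64-unknown-linux-gnu, compiled by gcc ...".
_VERSION_RE = re.compile(r"PostgreSQL\s+(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None if absent.

    A banner without a patch component (e.g. "PostgreSQL 9.2") is treated as
    patch level 0.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version):
    """Classify a (major, minor, patch) tuple against the advisory's fix releases.

    Returns one of:
      "vulnerable" - branch is listed and the patch level predates the fix
      "fixed"      - branch is listed and at/after the fix, or is newer than 9.2
                     (every later branch was released after the fix)
      "unknown"    - branch is older than any listed branch; the advisory gives
                     no fix release for it, so decide from other evidence
    """
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED_PATCH:
        return "vulnerable" if patch < FIXED_PATCH[branch] else "fixed"
    if branch > max(FIXED_PATCH):
        return "fixed"
    return "unknown"


def check_banner(banner):
    """Banner string -> status string, or None if no version could be parsed."""
    version = parse_version(banner)
    return None if version is None else assess(version)


if __name__ == "__main__":
    # Constructed sample banners, not output captured from a real server.
    samples = [
        "PostgreSQL 9.2.2 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.4.7, 64-bit",
        "PostgreSQL 9.2.3 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.4.7, 64-bit",
        "PostgreSQL 8.4.15 on i686-pc-linux-gnu, compiled by GCC gcc (Debian 4.4.5-8) 4.4.5, 32-bit",
        "PostgreSQL 9.3.0 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.4.7, 64-bit",
        "PostgreSQL 8.2.23 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 4.1.2, 32-bit",
    ]
    for s in samples:
        print(f"{s.split(' on ')[0]:<18} -> {check_banner(s)}")
```

Tuple comparison on (major, minor, patch) is what makes the ordering correct across branches; comparing the banner as a string is the classic mistake. The "unknown" outcome is deliberate: a scanner that silently treats unlisted branches as either safe or vulnerable hides the fact that it has no data, which is exactly the situation the false-positive note above warns about.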
Recommendation |
Upgrade to the latest version of PostgreSQL (8.3.23/8.4.16/9.0.12/9.1.8/9.2.3 or later), available from the PostgreSQL Web page at http://www.postgresql.org/download/ |
Related URL |
CVE-2013-0255 (CVE) |
Related URL |
57844 (SecurityFocus) |
Related URL |
(ISS) |
|