6.8

CVE-2009-3231

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version >= 8.2 < 8.2.14
PostgresqlPostgresql Version >= 8.3 < 8.3.8
OpensuseOpensuse Version >= 10.3 <= 11.1
SuseLinux Enterprise Version10.0 Updatesp2
SuseLinux Enterprise Version11.0 Update-
FedoraprojectFedora Version10
FedoraprojectFedora Version11
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.57% 0.937
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.postgresql.org/support/security.html
Vendor Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
Mailing List
http://marc.info/?l=bugtraq&m=134124585221119&w=2
Mailing List
http://secunia.com/advisories/36660
Vendor Advisory
Broken Link
http://secunia.com/advisories/36727
Vendor Advisory
Broken Link
http://secunia.com/advisories/36800
Broken Link
http://secunia.com/advisories/36837
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
Broken Link
http://www.postgresql.org/docs/8.3/static/release-8-3-8.html
Release Notes
http://www.securityfocus.com/archive/1/509917/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/36314
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/usn-834-1
Third Party Advisory
http://www.us.debian.org/security/2009/dsa-1900
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=522084
Patch
Issue Tracking