Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2009-3231 - CERT CVE
CVE-2009-3231
ID
CVE-2009-3231
Sažetak
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Reference
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=bugtraq&m=134124585221119&w=2
http://secunia.com/advisories/36660
http://secunia.com/advisories/36727
http://secunia.com/advisories/36800
http://secunia.com/advisories/36837
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
http://www.postgresql.org/docs/8.3/static/release-8-3-8.html
http://www.postgresql.org/support/security.html
http://www.securityfocus.com/archive/1/509917/100/0/threaded
http://www.securityfocus.com/bid/36314
http://www.ubuntu.com/usn/usn-834-1
http://www.us.debian.org/security/2009/dsa-1900
https://bugzilla.redhat.com/show_bug.cgi?id=522084
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
CVSS
Base:
6.8
Impact:
6.4
Exploitability:
8.6
Pristup
Vektor
Složenost
Autentikacija
NETWORK
MEDIUM
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
PARTIAL
PARTIAL
PARTIAL
CVSS vektor
AV:N/AC:M/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje
13-02-2024 - 17:41
Objavljeno
17-09-2009 - 10:30