ID CVE-2013-1902
Summary PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."
References
Vulnerable Configurations
  • PostgreSQL 9.2
    cpe:2.3:a:postgresql:postgresql:9.2
  • PostgreSQL 9.2.1
    cpe:2.3:a:postgresql:postgresql:9.2.1
  • PostgreSQL 9.2.2
    cpe:2.3:a:postgresql:postgresql:9.2.2
  • PostgreSQL 9.2.3
    cpe:2.3:a:postgresql:postgresql:9.2.3
  • PostgreSQL 9.1
    cpe:2.3:a:postgresql:postgresql:9.1
  • PostgreSQL 9.1.1
    cpe:2.3:a:postgresql:postgresql:9.1.1
  • PostgreSQL 9.1.2
    cpe:2.3:a:postgresql:postgresql:9.1.2
  • PostgreSQL 9.1.3
    cpe:2.3:a:postgresql:postgresql:9.1.3
  • PostgreSQL 9.1.4
    cpe:2.3:a:postgresql:postgresql:9.1.4
  • PostgreSQL 9.1.5
    cpe:2.3:a:postgresql:postgresql:9.1.5
  • PostgreSQL 9.1.6
    cpe:2.3:a:postgresql:postgresql:9.1.6
  • PostgreSQL 9.1.7
    cpe:2.3:a:postgresql:postgresql:9.1.7
  • PostgreSQL 9.1.8
    cpe:2.3:a:postgresql:postgresql:9.1.8
  • PostgreSQL 9.0
    cpe:2.3:a:postgresql:postgresql:9.0
  • PostgreSQL 9.0.1
    cpe:2.3:a:postgresql:postgresql:9.0.1
  • PostgreSQL 9.0.2
    cpe:2.3:a:postgresql:postgresql:9.0.2
  • PostgreSQL 9.0.3
    cpe:2.3:a:postgresql:postgresql:9.0.3
  • PostgreSQL 9.0.4
    cpe:2.3:a:postgresql:postgresql:9.0.4
  • PostgreSQL 9.0.5
    cpe:2.3:a:postgresql:postgresql:9.0.5
  • PostgreSQL 9.0.6
    cpe:2.3:a:postgresql:postgresql:9.0.6
  • PostgreSQL 9.0.7
    cpe:2.3:a:postgresql:postgresql:9.0.7
  • PostgreSQL 9.0.8
    cpe:2.3:a:postgresql:postgresql:9.0.8
  • PostgreSQL 9.0.9
    cpe:2.3:a:postgresql:postgresql:9.0.9
  • PostgreSQL 9.0.10
    cpe:2.3:a:postgresql:postgresql:9.0.10
  • PostgreSQL 9.0.11
    cpe:2.3:a:postgresql:postgresql:9.0.11
  • PostgreSQL 9.0.12
    cpe:2.3:a:postgresql:postgresql:9.0.12
  • PostgreSQL 8.4
    cpe:2.3:a:postgresql:postgresql:8.4
  • PostgreSQL 8.4.1
    cpe:2.3:a:postgresql:postgresql:8.4.1
  • PostgreSQL 8.4.2
    cpe:2.3:a:postgresql:postgresql:8.4.2
  • PostgreSQL 8.4.3
    cpe:2.3:a:postgresql:postgresql:8.4.3
  • PostgreSQL 8.4.4
    cpe:2.3:a:postgresql:postgresql:8.4.4
  • PostgreSQL 8.4.5
    cpe:2.3:a:postgresql:postgresql:8.4.5
  • PostgreSQL 8.4.6
    cpe:2.3:a:postgresql:postgresql:8.4.6
  • PostgreSQL 8.4.7
    cpe:2.3:a:postgresql:postgresql:8.4.7
  • PostgreSQL 8.4.8
    cpe:2.3:a:postgresql:postgresql:8.4.8
  • PostgreSQL 8.4.9
    cpe:2.3:a:postgresql:postgresql:8.4.9
  • PostgreSQL 8.4.10
    cpe:2.3:a:postgresql:postgresql:8.4.10
  • PostgreSQL 8.4.11
    cpe:2.3:a:postgresql:postgresql:8.4.11
  • PostgreSQL 8.4.12
    cpe:2.3:a:postgresql:postgresql:8.4.12
  • PostgreSQL 8.4.13
    cpe:2.3:a:postgresql:postgresql:8.4.13
  • PostgreSQL 8.4.14
    cpe:2.3:a:postgresql:postgresql:8.4.14
  • PostgreSQL 8.4.15
    cpe:2.3:a:postgresql:postgresql:8.4.15
  • PostgreSQL 8.4.16
    cpe:2.3:a:postgresql:postgresql:8.4.16
  • PostgreSQL 8.3
    cpe:2.3:a:postgresql:postgresql:8.3
  • PostgreSQL 8.3.1
    cpe:2.3:a:postgresql:postgresql:8.3.1
  • PostgreSQL 8.3.2
    cpe:2.3:a:postgresql:postgresql:8.3.2
  • PostgreSQL 8.3.3
    cpe:2.3:a:postgresql:postgresql:8.3.3
  • PostgreSQL 8.3.4
    cpe:2.3:a:postgresql:postgresql:8.3.4
  • PostgreSQL 8.3.5
    cpe:2.3:a:postgresql:postgresql:8.3.5
  • PostgreSQL 8.3.6
    cpe:2.3:a:postgresql:postgresql:8.3.6
  • PostgreSQL 8.3.7
    cpe:2.3:a:postgresql:postgresql:8.3.7
  • PostgreSQL 8.3.8
    cpe:2.3:a:postgresql:postgresql:8.3.8
  • PostgreSQL 8.3.9
    cpe:2.3:a:postgresql:postgresql:8.3.9
  • PostgreSQL 8.3.10
    cpe:2.3:a:postgresql:postgresql:8.3.10
  • PostgreSQL 8.3.11
    cpe:2.3:a:postgresql:postgresql:8.3.11
  • PostgreSQL 8.3.12
    cpe:2.3:a:postgresql:postgresql:8.3.12
  • PostgreSQL 8.3.13
    cpe:2.3:a:postgresql:postgresql:8.3.13
  • PostgreSQL 8.3.14
    cpe:2.3:a:postgresql:postgresql:8.3.14
  • PostgreSQL 8.3.15
    cpe:2.3:a:postgresql:postgresql:8.3.15
  • PostgreSQL 8.3.16
    cpe:2.3:a:postgresql:postgresql:8.3.16
  • PostgreSQL 8.3.17
    cpe:2.3:a:postgresql:postgresql:8.3.17
  • PostgreSQL 8.3.18
    cpe:2.3:a:postgresql:postgresql:8.3.18
  • PostgreSQL 8.3.19
    cpe:2.3:a:postgresql:postgresql:8.3.19
  • PostgreSQL 8.3.20
    cpe:2.3:a:postgresql:postgresql:8.3.20
  • PostgreSQL 8.3.21
    cpe:2.3:a:postgresql:postgresql:8.3.21
  • PostgreSQL 8.3.22
    cpe:2.3:a:postgresql:postgresql:8.3.22
CVSS
Base: 10.0 (as of 04-04-2013 - 15:16)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Databases
    NASL id POSTGRESQL_20130404.NASL
    description The version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.17, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.9, or 9.2.x prior to 9.2.4. It therefore is potentially affected by multiple vulnerabilities:
      - Enterprise DB's installers for Linux and Mac OS X create a directory and file in '/tmp' with predictable names. (CVE-2013-1902)
      - Enterprise DB's installers for Linux and Mac OS X pass the database superuser password to a script in an insecure fashion. (CVE-2013-1903)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 65854
    published 2013-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65854
    title PostgreSQL 8.4 < 8.4.17 / 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2013-004.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following components: Apache, Bind, Certificate Trust Policy, ClamAV, Installer, IPSec, Mobile Device Management, OpenSSL, PHP, PostgreSQL, QuickTime, sudo. Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 69878
    published 2013-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69878
    title Mac OS X Multiple Vulnerabilities (Security Update 2013-004)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_8_5.NASL
    description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components: Apache, Bind, Certificate Trust Policy, CoreGraphics, ImageIO, Installer, IPSec, Kernel, Mobile Device Management, OpenSSL, PHP, PostgreSQL, Power Management, QuickTime, Screen Lock, sudo. This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 69877
    published 2013-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69877
    title Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities
refmap via4
confirm
Last major update 04-04-2013 - 15:18
Published 04-04-2013 - 13:55
Last modified 19-10-2017 - 21:29