ID CVE-2012-2655
Summary PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 19-04-2013 - 03:22)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 825995
title CVE-2012-2655 postgresql: Ability of database owners to install procedural languages via CREATE LANGUAGE found unsafe (DoS)
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment postgresql84 is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037001
        • comment postgresql84 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430002
      • AND
        • comment postgresql84-contrib is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037003
        • comment postgresql84-contrib is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430004
      • AND
        • comment postgresql84-devel is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037005
        • comment postgresql84-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430006
      • AND
        • comment postgresql84-docs is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037007
        • comment postgresql84-docs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430008
      • AND
        • comment postgresql84-libs is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037009
        • comment postgresql84-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430010
      • AND
        • comment postgresql84-plperl is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037011
        • comment postgresql84-plperl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430012
      • AND
        • comment postgresql84-plpython is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037013
        • comment postgresql84-plpython is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430014
      • AND
        • comment postgresql84-pltcl is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037015
        • comment postgresql84-pltcl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430016
      • AND
        • comment postgresql84-python is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037017
        • comment postgresql84-python is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430018
      • AND
        • comment postgresql84-server is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037019
        • comment postgresql84-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430020
      • AND
        • comment postgresql84-tcl is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037021
        • comment postgresql84-tcl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430022
      • AND
        • comment postgresql84-test is earlier than 0:8.4.12-1.el5_8
          oval oval:com.redhat.rhsa:tst:20121037023
        • comment postgresql84-test is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430024
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment postgresql is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037026
        • comment postgresql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908002
      • AND
        • comment postgresql-contrib is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037028
        • comment postgresql-contrib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908004
      • AND
        • comment postgresql-devel is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037030
        • comment postgresql-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908006
      • AND
        • comment postgresql-docs is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037032
        • comment postgresql-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908008
      • AND
        • comment postgresql-libs is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037034
        • comment postgresql-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908010
      • AND
        • comment postgresql-plperl is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037036
        • comment postgresql-plperl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908012
      • AND
        • comment postgresql-plpython is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037038
        • comment postgresql-plpython is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908014
      • AND
        • comment postgresql-pltcl is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037040
        • comment postgresql-pltcl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908016
      • AND
        • comment postgresql-server is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037042
        • comment postgresql-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908018
      • AND
        • comment postgresql-test is earlier than 0:8.4.12-1.el6_2
          oval oval:com.redhat.rhsa:tst:20121037044
        • comment postgresql-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100908020
rhsa
id RHSA-2012:1037
released 2012-06-25
severity Moderate
title RHSA-2012:1037: postgresql and postgresql84 security update (Moderate)
rpms
  • postgresql-0:8.4.12-1.el6_2
  • postgresql-contrib-0:8.4.12-1.el6_2
  • postgresql-debuginfo-0:8.4.12-1.el6_2
  • postgresql-devel-0:8.4.12-1.el6_2
  • postgresql-docs-0:8.4.12-1.el6_2
  • postgresql-libs-0:8.4.12-1.el6_2
  • postgresql-plperl-0:8.4.12-1.el6_2
  • postgresql-plpython-0:8.4.12-1.el6_2
  • postgresql-pltcl-0:8.4.12-1.el6_2
  • postgresql-server-0:8.4.12-1.el6_2
  • postgresql-test-0:8.4.12-1.el6_2
  • postgresql84-0:8.4.12-1.el5_8
  • postgresql84-contrib-0:8.4.12-1.el5_8
  • postgresql84-debuginfo-0:8.4.12-1.el5_8
  • postgresql84-devel-0:8.4.12-1.el5_8
  • postgresql84-docs-0:8.4.12-1.el5_8
  • postgresql84-libs-0:8.4.12-1.el5_8
  • postgresql84-plperl-0:8.4.12-1.el5_8
  • postgresql84-plpython-0:8.4.12-1.el5_8
  • postgresql84-pltcl-0:8.4.12-1.el5_8
  • postgresql84-python-0:8.4.12-1.el5_8
  • postgresql84-server-0:8.4.12-1.el5_8
  • postgresql84-tcl-0:8.4.12-1.el5_8
  • postgresql84-test-0:8.4.12-1.el5_8
refmap via4
confirm http://www.postgresql.org/about/news/1398/
debian DSA-2491
fedora
  • FEDORA-2012-8893
  • FEDORA-2012-8915
  • FEDORA-2012-8924
mandriva MDVSA-2012:092
secunia 50718
suse
  • openSUSE-SU-2012:1251
  • openSUSE-SU-2012:1288
  • openSUSE-SU-2012:1299
Last major update 19-04-2013 - 03:22
Published 18-07-2012 - 23:55
Last modified 19-04-2013 - 03:22
Back to Top