Signature Detail
Short Name |
DB:POSTGRESQL:DBNAME-CLIFLAGINJ |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
DB |
Keywords |
PostgreSQL Database Name Command-line Flag Injection |
Release Date |
2013/04/05 |
Update Number |
2252 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: PostgreSQL Database Name Command-line Flag Injection
This signature detects attempts to exploit a known vulnerability against PostgreSQL. A successful attack can allow an attacker to gain elevated privileges, cause a denial of service condition or execute arbitrary code on the targeted system.
Extended Description
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Affected Products
- canonical ubuntu_linux 10.04 (-:lts)
- canonical ubuntu_linux 11.10
- canonical ubuntu_linux 12.04 (-:lts)
- canonical ubuntu_linux 12.10
- canonical ubuntu_linux 8.04 (-:lts)
- postgresql 9.0
- postgresql 9.0.1
- postgresql 9.0.10
- postgresql 9.0.11
- postgresql 9.0.12
- postgresql 9.0.2
- postgresql 9.0.3
- postgresql 9.0.4
- postgresql 9.0.5
- postgresql 9.0.6
- postgresql 9.0.7
- postgresql 9.0.8
- postgresql 9.0.9
- postgresql 9.1
- postgresql 9.1.1
- postgresql 9.1.2
- postgresql 9.1.3
- postgresql 9.1.4
- postgresql 9.1.5
- postgresql 9.1.6
- postgresql 9.1.7
- postgresql 9.1.8
- postgresql 9.2
- postgresql 9.2.1
- postgresql 9.2.2
- postgresql 9.2.3
References
- BugTraq: 58876
- CVE: CVE-2013-1899