CVE-2009-3231
First published: Wed Sep 09 2009(Updated: )
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL PostgreSQL | =8.2 | |
| PostgreSQL PostgreSQL | =8.2.1 | |
| PostgreSQL PostgreSQL | =8.2.2 | |
| PostgreSQL PostgreSQL | =8.2.3 | |
| PostgreSQL PostgreSQL | =8.2.4 | |
| PostgreSQL PostgreSQL | =8.2.5 | |
| PostgreSQL PostgreSQL | =8.2.6 | |
| PostgreSQL PostgreSQL | =8.2.7 | |
| PostgreSQL PostgreSQL | =8.2.8 | |
| PostgreSQL PostgreSQL | =8.2.9 | |
| PostgreSQL PostgreSQL | =8.2.10 | |
| PostgreSQL PostgreSQL | =8.2.11 | |
| PostgreSQL PostgreSQL | =8.2.12 | |
| PostgreSQL PostgreSQL | =8.2.13 | |
| PostgreSQL PostgreSQL | =8.3 | |
| PostgreSQL PostgreSQL | =8.3.1 | |
| PostgreSQL PostgreSQL | =8.3.2 | |
| PostgreSQL PostgreSQL | =8.3.3 | |
| PostgreSQL PostgreSQL | =8.3.4 | |
| PostgreSQL PostgreSQL | =8.3.5 | |
| PostgreSQL PostgreSQL | =8.3.6 | |
| PostgreSQL PostgreSQL | =8.3.7 | |
| PostgreSQL PostgreSQL | >=8.2<8.2.14 | |
| PostgreSQL PostgreSQL | >=8.3<8.3.8 | |
| openSUSE openSUSE | >=10.3<=11.1 | |
| SUSE Linux Enterprise | =10.0-sp2 | |
| SUSE Linux Enterprise | =11.0 | |
| SUSE Linux Enterprise Server | =9 | |
| Fedoraproject Fedora | =10 | |
| Fedoraproject Fedora | =11 | |
| Canonical Ubuntu Linux | =6.06 | |
| Canonical Ubuntu Linux | =8.04 | |
| Canonical Ubuntu Linux | =8.10 | |
| Canonical Ubuntu Linux | =9.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=522084
- http://www.securityfocus.com/bid/36314
- https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
- http://www.postgresql.org/docs/8.3/static/release-8-3-8.html
- https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
- http://www.postgresql.org/support/security.html
- http://secunia.com/advisories/36727
- http://secunia.com/advisories/36660
- http://secunia.com/advisories/36837
- http://www.us.debian.org/security/2009/dsa-1900
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
- http://secunia.com/advisories/36800
- http://www.ubuntu.com/usn/usn-834-1
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
- http://marc.info/?l=bugtraq&m=134124585221119&w=2
- http://www.securityfocus.com/archive/1/509917/100/0/threaded
- http://admin.fedoraproject.org/updates/postgresql-8.3.8-1.fc11
- http://admin.fedoraproject.org/updates/postgresql-8.3.8-1.fc10
- https://access.redhat.com/security/cve/CVE-2009-3231
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=522084
- https://rhn.redhat.com/errata/RHSA-2009-1461.html
- https://www.cve.org/CVERecord?id=CVE-2009-3231 https://nvd.nist.gov/vuln/detail/CVE-2009-3231
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3231.json
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3231
- collector/redhat-cve
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/author
- agent/remedy
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/8.2
- version/postgresql postgresql/8.2.1
- version/postgresql postgresql/8.2.2
- version/postgresql postgresql/8.2.3
- version/postgresql postgresql/8.2.4
- version/postgresql postgresql/8.2.5
- version/postgresql postgresql/8.2.6
- version/postgresql postgresql/8.2.7
- version/postgresql postgresql/8.2.8
- version/postgresql postgresql/8.2.9
- version/postgresql postgresql/8.2.10
- version/postgresql postgresql/8.2.11
- version/postgresql postgresql/8.2.12
- version/postgresql postgresql/8.2.13
- version/postgresql postgresql/8.3
- version/postgresql postgresql/8.3.1
- version/postgresql postgresql/8.3.2
- version/postgresql postgresql/8.3.3
- version/postgresql postgresql/8.3.4
- version/postgresql postgresql/8.3.5
- version/postgresql postgresql/8.3.6
- version/postgresql postgresql/8.3.7
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/10.3
- version/opensuse opensuse/11.1
- vendor/suse
- canonical/suse linux enterprise
- version/suse linux enterprise/10.0-sp2
- version/suse linux enterprise/11.0
- canonical/suse linux enterprise server
- version/suse linux enterprise server/9
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/10
- version/fedoraproject fedora/11
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/6.06
- version/canonical ubuntu linux/8.04
- version/canonical ubuntu linux/8.10
- version/canonical ubuntu linux/9.04