First published: Tue Dec 15 2009(Updated: )
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
PostgreSQL PostgreSQL | =7.4.1 | |
PostgreSQL PostgreSQL | =7.4.2 | |
PostgreSQL PostgreSQL | =7.4.3 | |
PostgreSQL PostgreSQL | =7.4.4 | |
PostgreSQL PostgreSQL | =7.4.5 | |
PostgreSQL PostgreSQL | =7.4.6 | |
PostgreSQL PostgreSQL | =7.4.7 | |
PostgreSQL PostgreSQL | =7.4.8 | |
PostgreSQL PostgreSQL | =7.4.9 | |
PostgreSQL PostgreSQL | =7.4.10 | |
PostgreSQL PostgreSQL | =7.4.11 | |
PostgreSQL PostgreSQL | =7.4.12 | |
PostgreSQL PostgreSQL | =7.4.13 | |
PostgreSQL PostgreSQL | =7.4.14 | |
PostgreSQL PostgreSQL | =7.4.15 | |
PostgreSQL PostgreSQL | =7.4.16 | |
PostgreSQL PostgreSQL | =7.4.17 | |
PostgreSQL PostgreSQL | =7.4.18 | |
PostgreSQL PostgreSQL | =7.4.19 | |
PostgreSQL PostgreSQL | =7.4.20 | |
PostgreSQL PostgreSQL | =7.4.21 | |
PostgreSQL PostgreSQL | =7.4.22 | |
PostgreSQL PostgreSQL | =7.4.23 | |
PostgreSQL PostgreSQL | =7.4.24 | |
PostgreSQL PostgreSQL | =7.4.25 | |
PostgreSQL PostgreSQL | =7.4.26 | |
PostgreSQL PostgreSQL | =8.0.0 | |
PostgreSQL PostgreSQL | =8.0.1 | |
PostgreSQL PostgreSQL | =8.0.2 | |
PostgreSQL PostgreSQL | =8.0.3 | |
PostgreSQL PostgreSQL | =8.0.4 | |
PostgreSQL PostgreSQL | =8.0.5 | |
PostgreSQL PostgreSQL | =8.0.6 | |
PostgreSQL PostgreSQL | =8.0.7 | |
PostgreSQL PostgreSQL | =8.0.8 | |
PostgreSQL PostgreSQL | =8.0.9 | |
PostgreSQL PostgreSQL | =8.0.10 | |
PostgreSQL PostgreSQL | =8.0.11 | |
PostgreSQL PostgreSQL | =8.0.12 | |
PostgreSQL PostgreSQL | =8.0.13 | |
PostgreSQL PostgreSQL | =8.0.14 | |
PostgreSQL PostgreSQL | =8.0.15 | |
PostgreSQL PostgreSQL | =8.0.16 | |
PostgreSQL PostgreSQL | =8.0.17 | |
PostgreSQL PostgreSQL | =8.0.18 | |
PostgreSQL PostgreSQL | =8.0.19 | |
PostgreSQL PostgreSQL | =8.0.20 | |
PostgreSQL PostgreSQL | =8.0.21 | |
PostgreSQL PostgreSQL | =8.0.22 | |
PostgreSQL PostgreSQL | =8.1.0 | |
PostgreSQL PostgreSQL | =8.1.1 | |
PostgreSQL PostgreSQL | =8.1.2 | |
PostgreSQL PostgreSQL | =8.1.3 | |
PostgreSQL PostgreSQL | =8.1.4 | |
PostgreSQL PostgreSQL | =8.1.5 | |
PostgreSQL PostgreSQL | =8.1.6 | |
PostgreSQL PostgreSQL | =8.1.7 | |
PostgreSQL PostgreSQL | =8.1.8 | |
PostgreSQL PostgreSQL | =8.1.9 | |
PostgreSQL PostgreSQL | =8.1.10 | |
PostgreSQL PostgreSQL | =8.1.11 | |
PostgreSQL PostgreSQL | =8.1.12 | |
PostgreSQL PostgreSQL | =8.1.13 | |
PostgreSQL PostgreSQL | =8.1.14 | |
PostgreSQL PostgreSQL | =8.1.15 | |
PostgreSQL PostgreSQL | =8.1.16 | |
PostgreSQL PostgreSQL | =8.1.17 | |
PostgreSQL PostgreSQL | =8.1.18 | |
PostgreSQL PostgreSQL | =8.2 | |
PostgreSQL PostgreSQL | =8.2.1 | |
PostgreSQL PostgreSQL | =8.2.2 | |
PostgreSQL PostgreSQL | =8.2.3 | |
PostgreSQL PostgreSQL | =8.2.4 | |
PostgreSQL PostgreSQL | =8.2.5 | |
PostgreSQL PostgreSQL | =8.2.6 | |
PostgreSQL PostgreSQL | =8.2.7 | |
PostgreSQL PostgreSQL | =8.2.8 | |
PostgreSQL PostgreSQL | =8.2.9 | |
PostgreSQL PostgreSQL | =8.2.10 | |
PostgreSQL PostgreSQL | =8.2.11 | |
PostgreSQL PostgreSQL | =8.2.12 | |
PostgreSQL PostgreSQL | =8.2.13 | |
PostgreSQL PostgreSQL | =8.2.14 | |
PostgreSQL PostgreSQL | =8.3.1 | |
PostgreSQL PostgreSQL | =8.3.2 | |
PostgreSQL PostgreSQL | =8.3.3 | |
PostgreSQL PostgreSQL | =8.3.4 | |
PostgreSQL PostgreSQL | =8.3.5 | |
PostgreSQL PostgreSQL | =8.3.6 | |
PostgreSQL PostgreSQL | =8.3.7 | |
PostgreSQL PostgreSQL | =8.3.8 | |
PostgreSQL PostgreSQL | =8.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.