CVE-2013-1902
First published: Thu Apr 04 2013(Updated: )
PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL JDBC Driver | =9.2 | |
| PostgreSQL JDBC Driver | =9.2.1 | |
| PostgreSQL JDBC Driver | =9.2.2 | |
| PostgreSQL JDBC Driver | =9.2.3 | |
| PostgreSQL JDBC Driver | =9.1 | |
| PostgreSQL JDBC Driver | =9.1.1 | |
| PostgreSQL JDBC Driver | =9.1.2 | |
| PostgreSQL JDBC Driver | =9.1.3 | |
| PostgreSQL JDBC Driver | =9.1.4 | |
| PostgreSQL JDBC Driver | =9.1.5 | |
| PostgreSQL JDBC Driver | =9.1.6 | |
| PostgreSQL JDBC Driver | =9.1.7 | |
| PostgreSQL JDBC Driver | =9.1.8 | |
| PostgreSQL JDBC Driver | =9.0 | |
| PostgreSQL JDBC Driver | =9.0.1 | |
| PostgreSQL JDBC Driver | =9.0.2 | |
| PostgreSQL JDBC Driver | =9.0.3 | |
| PostgreSQL JDBC Driver | =9.0.4 | |
| PostgreSQL JDBC Driver | =9.0.5 | |
| PostgreSQL JDBC Driver | =9.0.6 | |
| PostgreSQL JDBC Driver | =9.0.7 | |
| PostgreSQL JDBC Driver | =9.0.8 | |
| PostgreSQL JDBC Driver | =9.0.9 | |
| PostgreSQL JDBC Driver | =9.0.10 | |
| PostgreSQL JDBC Driver | =9.0.11 | |
| PostgreSQL JDBC Driver | =9.0.12 | |
| PostgreSQL JDBC Driver | =8.4 | |
| PostgreSQL JDBC Driver | =8.4.1 | |
| PostgreSQL JDBC Driver | =8.4.2 | |
| PostgreSQL JDBC Driver | =8.4.3 | |
| PostgreSQL JDBC Driver | =8.4.4 | |
| PostgreSQL JDBC Driver | =8.4.5 | |
| PostgreSQL JDBC Driver | =8.4.6 | |
| PostgreSQL JDBC Driver | =8.4.7 | |
| PostgreSQL JDBC Driver | =8.4.8 | |
| PostgreSQL JDBC Driver | =8.4.9 | |
| PostgreSQL JDBC Driver | =8.4.10 | |
| PostgreSQL JDBC Driver | =8.4.11 | |
| PostgreSQL JDBC Driver | =8.4.12 | |
| PostgreSQL JDBC Driver | =8.4.13 | |
| PostgreSQL JDBC Driver | =8.4.14 | |
| PostgreSQL JDBC Driver | =8.4.15 | |
| PostgreSQL JDBC Driver | =8.4.16 | |
| PostgreSQL JDBC Driver | =8.3 | |
| PostgreSQL JDBC Driver | =8.3.1 | |
| PostgreSQL JDBC Driver | =8.3.2 | |
| PostgreSQL JDBC Driver | =8.3.3 | |
| PostgreSQL JDBC Driver | =8.3.4 | |
| PostgreSQL JDBC Driver | =8.3.5 | |
| PostgreSQL JDBC Driver | =8.3.6 | |
| PostgreSQL JDBC Driver | =8.3.7 | |
| PostgreSQL JDBC Driver | =8.3.8 | |
| PostgreSQL JDBC Driver | =8.3.9 | |
| PostgreSQL JDBC Driver | =8.3.10 | |
| PostgreSQL JDBC Driver | =8.3.11 | |
| PostgreSQL JDBC Driver | =8.3.12 | |
| PostgreSQL JDBC Driver | =8.3.13 | |
| PostgreSQL JDBC Driver | =8.3.14 | |
| PostgreSQL JDBC Driver | =8.3.15 | |
| PostgreSQL JDBC Driver | =8.3.16 | |
| PostgreSQL JDBC Driver | =8.3.17 | |
| PostgreSQL JDBC Driver | =8.3.18 | |
| PostgreSQL JDBC Driver | =8.3.19 | |
| PostgreSQL JDBC Driver | =8.3.20 | |
| PostgreSQL JDBC Driver | =8.3.21 | |
| PostgreSQL JDBC Driver | =8.3.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1902?
CVE-2013-1902 is considered to have an unspecified severity level due to its impact on insecure temporary file generation.
How do I fix CVE-2013-1902?
To fix CVE-2013-1902, upgrade your PostgreSQL installation to a version that is 9.2.4 or later, 9.1.9 or later, 9.0.13 or later, 8.4.17 or later, or 8.3.23 or later.
What versions of PostgreSQL are affected by CVE-2013-1902?
CVE-2013-1902 affects PostgreSQL versions 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23.
What impact does CVE-2013-1902 have on users?
CVE-2013-1902 may lead to potential exploitation through insecure temporary files, particularly affecting graphical installers for Linux and Mac OS X.
Is CVE-2013-1902 related to data exposure or loss?
While the exact attack vectors of CVE-2013-1902 are unspecified, the vulnerability could potentially lead to data exposure due to predictable temporary filenames.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/postgresql
- canonical/postgresql jdbc driver
- version/postgresql jdbc driver/9.2
- version/postgresql jdbc driver/9.2.1
- version/postgresql jdbc driver/9.2.2
- version/postgresql jdbc driver/9.2.3
- version/postgresql jdbc driver/9.1
- version/postgresql jdbc driver/9.1.1
- version/postgresql jdbc driver/9.1.2
- version/postgresql jdbc driver/9.1.3
- version/postgresql jdbc driver/9.1.4
- version/postgresql jdbc driver/9.1.5
- version/postgresql jdbc driver/9.1.6
- version/postgresql jdbc driver/9.1.7
- version/postgresql jdbc driver/9.1.8
- version/postgresql jdbc driver/9.0
- version/postgresql jdbc driver/9.0.1
- version/postgresql jdbc driver/9.0.2
- version/postgresql jdbc driver/9.0.3
- version/postgresql jdbc driver/9.0.4
- version/postgresql jdbc driver/9.0.5
- version/postgresql jdbc driver/9.0.6
- version/postgresql jdbc driver/9.0.7
- version/postgresql jdbc driver/9.0.8
- version/postgresql jdbc driver/9.0.9
- version/postgresql jdbc driver/9.0.10
- version/postgresql jdbc driver/9.0.11
- version/postgresql jdbc driver/9.0.12
- version/postgresql jdbc driver/8.4
- version/postgresql jdbc driver/8.4.1
- version/postgresql jdbc driver/8.4.2
- version/postgresql jdbc driver/8.4.3
- version/postgresql jdbc driver/8.4.4
- version/postgresql jdbc driver/8.4.5
- version/postgresql jdbc driver/8.4.6
- version/postgresql jdbc driver/8.4.7
- version/postgresql jdbc driver/8.4.8
- version/postgresql jdbc driver/8.4.9
- version/postgresql jdbc driver/8.4.10
- version/postgresql jdbc driver/8.4.11
- version/postgresql jdbc driver/8.4.12
- version/postgresql jdbc driver/8.4.13
- version/postgresql jdbc driver/8.4.14
- version/postgresql jdbc driver/8.4.15
- version/postgresql jdbc driver/8.4.16
- version/postgresql jdbc driver/8.3
- version/postgresql jdbc driver/8.3.1
- version/postgresql jdbc driver/8.3.2
- version/postgresql jdbc driver/8.3.3
- version/postgresql jdbc driver/8.3.4
- version/postgresql jdbc driver/8.3.5
- version/postgresql jdbc driver/8.3.6
- version/postgresql jdbc driver/8.3.7
- version/postgresql jdbc driver/8.3.8
- version/postgresql jdbc driver/8.3.9
- version/postgresql jdbc driver/8.3.10
- version/postgresql jdbc driver/8.3.11
- version/postgresql jdbc driver/8.3.12
- version/postgresql jdbc driver/8.3.13
- version/postgresql jdbc driver/8.3.14
- version/postgresql jdbc driver/8.3.15
- version/postgresql jdbc driver/8.3.16
- version/postgresql jdbc driver/8.3.17
- version/postgresql jdbc driver/8.3.18
- version/postgresql jdbc driver/8.3.19
- version/postgresql jdbc driver/8.3.20
- version/postgresql jdbc driver/8.3.21
- version/postgresql jdbc driver/8.3.22