CVE-2013-1903
First published: Thu Apr 04 2013(Updated: )
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL JDBC Driver | =9.2 | |
| PostgreSQL JDBC Driver | =9.2.1 | |
| PostgreSQL JDBC Driver | =9.2.2 | |
| PostgreSQL JDBC Driver | =9.2.3 | |
| PostgreSQL JDBC Driver | =9.1 | |
| PostgreSQL JDBC Driver | =9.1.1 | |
| PostgreSQL JDBC Driver | =9.1.2 | |
| PostgreSQL JDBC Driver | =9.1.3 | |
| PostgreSQL JDBC Driver | =9.1.4 | |
| PostgreSQL JDBC Driver | =9.1.5 | |
| PostgreSQL JDBC Driver | =9.1.6 | |
| PostgreSQL JDBC Driver | =9.1.7 | |
| PostgreSQL JDBC Driver | =9.1.8 | |
| PostgreSQL JDBC Driver | =9.0 | |
| PostgreSQL JDBC Driver | =9.0.1 | |
| PostgreSQL JDBC Driver | =9.0.2 | |
| PostgreSQL JDBC Driver | =9.0.3 | |
| PostgreSQL JDBC Driver | =9.0.4 | |
| PostgreSQL JDBC Driver | =9.0.5 | |
| PostgreSQL JDBC Driver | =9.0.6 | |
| PostgreSQL JDBC Driver | =9.0.7 | |
| PostgreSQL JDBC Driver | =9.0.8 | |
| PostgreSQL JDBC Driver | =9.0.9 | |
| PostgreSQL JDBC Driver | =9.0.10 | |
| PostgreSQL JDBC Driver | =9.0.11 | |
| PostgreSQL JDBC Driver | =9.0.12 | |
| PostgreSQL JDBC Driver | =8.4 | |
| PostgreSQL JDBC Driver | =8.4.1 | |
| PostgreSQL JDBC Driver | =8.4.2 | |
| PostgreSQL JDBC Driver | =8.4.3 | |
| PostgreSQL JDBC Driver | =8.4.4 | |
| PostgreSQL JDBC Driver | =8.4.5 | |
| PostgreSQL JDBC Driver | =8.4.6 | |
| PostgreSQL JDBC Driver | =8.4.7 | |
| PostgreSQL JDBC Driver | =8.4.8 | |
| PostgreSQL JDBC Driver | =8.4.9 | |
| PostgreSQL JDBC Driver | =8.4.10 | |
| PostgreSQL JDBC Driver | =8.4.11 | |
| PostgreSQL JDBC Driver | =8.4.12 | |
| PostgreSQL JDBC Driver | =8.4.13 | |
| PostgreSQL JDBC Driver | =8.4.14 | |
| PostgreSQL JDBC Driver | =8.4.15 | |
| PostgreSQL JDBC Driver | =8.4.16 | |
| PostgreSQL JDBC Driver | =8.3 | |
| PostgreSQL JDBC Driver | =8.3.1 | |
| PostgreSQL JDBC Driver | =8.3.2 | |
| PostgreSQL JDBC Driver | =8.3.3 | |
| PostgreSQL JDBC Driver | =8.3.4 | |
| PostgreSQL JDBC Driver | =8.3.5 | |
| PostgreSQL JDBC Driver | =8.3.6 | |
| PostgreSQL JDBC Driver | =8.3.7 | |
| PostgreSQL JDBC Driver | =8.3.8 | |
| PostgreSQL JDBC Driver | =8.3.9 | |
| PostgreSQL JDBC Driver | =8.3.10 | |
| PostgreSQL JDBC Driver | =8.3.11 | |
| PostgreSQL JDBC Driver | =8.3.12 | |
| PostgreSQL JDBC Driver | =8.3.13 | |
| PostgreSQL JDBC Driver | =8.3.14 | |
| PostgreSQL JDBC Driver | =8.3.15 | |
| PostgreSQL JDBC Driver | =8.3.16 | |
| PostgreSQL JDBC Driver | =8.3.17 | |
| PostgreSQL JDBC Driver | =8.3.18 | |
| PostgreSQL JDBC Driver | =8.3.19 | |
| PostgreSQL JDBC Driver | =8.3.20 | |
| PostgreSQL JDBC Driver | =8.3.21 | |
| PostgreSQL JDBC Driver | =8.3.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1903?
The severity of CVE-2013-1903 is considered moderate due to the potential exposure of the superuser password.
How do I fix CVE-2013-1903?
To fix CVE-2013-1903, you should upgrade to PostgreSQL version 9.2.4 or later, 9.1.9 or later, 9.0.13 or later, 8.4.17 or later, or 8.3.23 or later.
Which PostgreSQL versions are affected by CVE-2013-1903?
CVE-2013-1903 affects PostgreSQL versions 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23.
What impact does CVE-2013-1903 have?
CVE-2013-1903 may allow unauthorized access to sensitive database functionalities as the superuser password might be exposed.
Are there any known exploit methods for CVE-2013-1903?
As of now, CVE-2013-1903 has unspecified attack vectors, indicating it may not have publicly known exploits.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/postgresql
- canonical/postgresql jdbc driver
- version/postgresql jdbc driver/9.2
- version/postgresql jdbc driver/9.2.1
- version/postgresql jdbc driver/9.2.2
- version/postgresql jdbc driver/9.2.3
- version/postgresql jdbc driver/9.1
- version/postgresql jdbc driver/9.1.1
- version/postgresql jdbc driver/9.1.2
- version/postgresql jdbc driver/9.1.3
- version/postgresql jdbc driver/9.1.4
- version/postgresql jdbc driver/9.1.5
- version/postgresql jdbc driver/9.1.6
- version/postgresql jdbc driver/9.1.7
- version/postgresql jdbc driver/9.1.8
- version/postgresql jdbc driver/9.0
- version/postgresql jdbc driver/9.0.1
- version/postgresql jdbc driver/9.0.2
- version/postgresql jdbc driver/9.0.3
- version/postgresql jdbc driver/9.0.4
- version/postgresql jdbc driver/9.0.5
- version/postgresql jdbc driver/9.0.6
- version/postgresql jdbc driver/9.0.7
- version/postgresql jdbc driver/9.0.8
- version/postgresql jdbc driver/9.0.9
- version/postgresql jdbc driver/9.0.10
- version/postgresql jdbc driver/9.0.11
- version/postgresql jdbc driver/9.0.12
- version/postgresql jdbc driver/8.4
- version/postgresql jdbc driver/8.4.1
- version/postgresql jdbc driver/8.4.2
- version/postgresql jdbc driver/8.4.3
- version/postgresql jdbc driver/8.4.4
- version/postgresql jdbc driver/8.4.5
- version/postgresql jdbc driver/8.4.6
- version/postgresql jdbc driver/8.4.7
- version/postgresql jdbc driver/8.4.8
- version/postgresql jdbc driver/8.4.9
- version/postgresql jdbc driver/8.4.10
- version/postgresql jdbc driver/8.4.11
- version/postgresql jdbc driver/8.4.12
- version/postgresql jdbc driver/8.4.13
- version/postgresql jdbc driver/8.4.14
- version/postgresql jdbc driver/8.4.15
- version/postgresql jdbc driver/8.4.16
- version/postgresql jdbc driver/8.3
- version/postgresql jdbc driver/8.3.1
- version/postgresql jdbc driver/8.3.2
- version/postgresql jdbc driver/8.3.3
- version/postgresql jdbc driver/8.3.4
- version/postgresql jdbc driver/8.3.5
- version/postgresql jdbc driver/8.3.6
- version/postgresql jdbc driver/8.3.7
- version/postgresql jdbc driver/8.3.8
- version/postgresql jdbc driver/8.3.9
- version/postgresql jdbc driver/8.3.10
- version/postgresql jdbc driver/8.3.11
- version/postgresql jdbc driver/8.3.12
- version/postgresql jdbc driver/8.3.13
- version/postgresql jdbc driver/8.3.14
- version/postgresql jdbc driver/8.3.15
- version/postgresql jdbc driver/8.3.16
- version/postgresql jdbc driver/8.3.17
- version/postgresql jdbc driver/8.3.18
- version/postgresql jdbc driver/8.3.19
- version/postgresql jdbc driver/8.3.20
- version/postgresql jdbc driver/8.3.21
- version/postgresql jdbc driver/8.3.22