CVE-2009-3229

Published Sep 17, 2009

Last updated 6 years ago

CVSS info 4.0

Overview

Description: The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5. In PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash. However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default. This issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html .

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7213327F-6909-43A7-952E-11600C28D4E3"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10EF0EA6-C8B6-40A7-A3AE-8639CA94D5C5"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9F645F3-9767-4FD8-94EB-1096DF24E6C3"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C342A823-EF6F-4557-9F9E-D8893EA4C2BA"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B85A443F-0802-412F-9AEE-3525311C93D4"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06253BA8-7F1E-4C79-9B2E-197307A627F0"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A213AB8-A5FE-4062-B895-2FC4B19F60A4"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A3F083E-59A8-41B1-826F-2CA39BD425C9"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE49E2D5-8EAC-49C7-B704-E626FBE7EC35"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5059B2F-B588-463E-8E96-BC9DA129C12E"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C919AF97-9713-44F8-B742-89C438DB0B48"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "400BBC62-5D03-465B-A864-9CD479B963F8"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC8C96F7-7F85-4E47-A05F-15E3C70AF583"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C236CF1-72C0-4C3D-AE04-B67E3F18EEC8"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2A705DF-3654-427F-8B11-62DB0B6C9813"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02FDCF30-D0F7-48AA-9633-9CC060495F47"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "788975F6-B3F1-4C21-B963-6BA59F14B71C"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6713D96-338B-4467-9F05-3153997F62E2"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01EB1A77-92AD-47FB-8290-D05C9B6C19C4"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74857259-30C7-422D-A24D-BE1E33F09466"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD80066B-787E-496B-88FD-F0AE291468C5"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References