Summary
This host has PostgreSQL installed and is prone to a denial of service vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary SQL queries, access or manipulate arbitrary files, and cause a denial of service.
Impact Level: Application
Solution
Upgrade to PostgreSQL 9.0.13, 9.1.9, 9.2.4 or later. For updates, refer to http://www.postgresql.org/download
Insight
The flaw is due to improper validation of a connection request that contains a database name beginning with the '-' symbol.
Affected
PostgreSQL version 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13
References
Severity
Classification
- CVE: CVE-2013-1899
- CVSS Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)