MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2009

MA-192.092009: MyCERT Alert - Multiple Vulnerabilities in PostgreSQL

1.0 Introduction

Multiple critical vulnerabilities have been identified in PostgreSQL. These vulnerabilities include a denial-of-service issue, a privilege-escalation issue and an authentication-bypass issue.

2.0 Impact

An attacker who has successfully exploited these vulnerabilities can shut down affected servers, perform certain actions with elevated privileges and bypass authentication mechanisms to perform unauthorized actions. Other attacks may also be possible.

3.0 Affected Products

  • PostgreSQL PostgreSQL 8.4
  • PostgreSQL PostgreSQL 8.3.7
  • PostgreSQL PostgreSQL 8.2.13
  • PostgreSQL PostgreSQL 8.1.17
  • PostgreSQL PostgreSQL 8.0.21
  • PostgreSQL PostgreSQL 7.4.25

4.0 Recommendation

Users are advised to upgrade to the latest update released for the specific version in use. Versions that are not affected by these vulnerabilities are:

  • PostgreSQL PostgreSQL 8.4.1
  • PostgreSQL PostgreSQL 8.3.8
  • PostgreSQL PostgreSQL 8.2.14
  • PostgreSQL PostgreSQL 8.1.18
  • PostgreSQL PostgreSQL 8.0.22
  • PostgreSQL PostgreSQL 7.4.26

Users can obtain the update from the following URL: http://www.postgresql.org/download/

MyCERT advises users of this product to keep up to date with the latest security announcements from the vendor.
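
Added example (not part of the original MyCERT advisory): a Python check that compares version banners, as reported by SELECT version() or postgres --version, against the unaffected releases listed above. Host names and banners are constructed sample data; treating every release below the listed fix on a branch as needing the update is an assumption, and branches the advisory does not list are reported as not-listed rather than judged.

```python
import re

# First unaffected release per branch, taken from the advisory's list.
FIXED = {
    (8, 4): (8, 4, 1),
    (8, 3): (8, 3, 8),
    (8, 2): (8, 2, 14),
    (8, 1): (8, 1, 18),
    (8, 0): (8, 0, 22),
    (7, 4): (7, 4, 26),
}

# Matches banners such as "PostgreSQL 8.3.7 on i686-pc-linux-gnu, ..."
# and "postgres (PostgreSQL) 8.4"; a missing third field is read as ".0".
_VERSION = re.compile(r"PostgreSQL\)?\s+(\d+)\.(\d+)(?:\.(\d+))?")

def assess(banner):
    """Return (status, detail); status is upgrade, ok, not-listed or unparsed."""
    m = _VERSION.search(banner)
    if not m:
        return ("unparsed", banner.strip())
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    fixed = FIXED.get(version[:2])
    text = ".".join(map(str, version))
    if fixed is None:
        # Branch is not in the advisory; do not guess either way.
        return ("not-listed", text)
    if version < fixed:
        # Assumption: every release below the listed fix needs the update.
        return ("upgrade", f"{text} -> {'.'.join(map(str, fixed))}")
    return ("ok", text)

# Constructed inventory: host name and the banner it reported.
SAMPLE = [
    ("db01", "PostgreSQL 8.3.7 on i686-pc-linux-gnu, compiled by GCC 4.1.2"),
    ("db02", "postgres (PostgreSQL) 8.4.1"),
    ("db03", "PostgreSQL 8.4 on x86_64-unknown-linux-gnu"),
    ("db04", "PostgreSQL 7.3.21 on i386-redhat-linux-gnu"),
    ("db05", "connection refused"),
]

def audit(inventory):
    """Map each host to its (status, detail) result."""
    return {host: assess(banner) for host, banner in inventory}

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLE).items():
        print(f"{host:6} {status:10} {detail}")
```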

MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

5.0 References