CVE-2013-1901
Published: 04 April 2013
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
postgresql-8.2 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
postgresql-8.3 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
postgresql-8.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(8.4.17)
|
|
postgresql-9.1 Launchpad, Ubuntu, Debian |
Upstream |
Released
(9.1.9)
|
Notes
| Author | Note |
|---|---|
| mdeslaur | looks to be 9.0+ only |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
- https://ubuntu.com/security/notices/USN-1789-1
- NVD
- Launchpad
- Debian