Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2013-1901

Published: 4 April 2013

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

Notes

AuthorNote
mdeslaur
looks to be 9.0+ only

Priority

Medium

Status

Package Release Status
postgresql-9.1
Launchpad, Ubuntu, Debian
upstream
Released (9.1.9)
hardy Does not exist

lucid Does not exist

oneiric
Released (9.1.9-0ubuntu11.10)
precise
Released (9.1.9-0ubuntu12.04)
quantal
Released (9.1.9-0ubuntu12.10)
postgresql-8.4
Launchpad, Ubuntu, Debian
upstream
Released (8.4.17)
hardy Does not exist

lucid Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

quantal Does not exist

postgresql-8.3
Launchpad, Ubuntu, Debian
upstream Needs triage

hardy Not vulnerable

lucid Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

postgresql-8.2
Launchpad, Ubuntu, Debian
upstream Needs triage

hardy Not vulnerable

lucid Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist