CVE-2013-1901
Published: 04 April 2013
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
Priority
Status
Package | Release | Status |
---|---|---|
postgresql-8.2 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
postgresql-8.3 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
postgresql-8.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(8.4.17)
|
postgresql-9.1 Launchpad, Ubuntu, Debian |
Upstream |
Released
(9.1.9)
|
Notes
Author | Note |
---|---|
mdeslaur | looks to be 9.0+ only |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
- https://usn.ubuntu.com/usn/usn-1789-1
- NVD
- Launchpad
- Debian