Your submission was sent successfully! Close

CVE-2013-1901

Published: 4 April 2013

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

Priority

Medium

Status

Package Release Status
postgresql-8.2
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

postgresql-8.3
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

postgresql-8.4
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

quantal Does not exist

upstream
Released (8.4.17)
postgresql-9.1
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric
Released (9.1.9-0ubuntu11.10)
precise
Released (9.1.9-0ubuntu12.04)
quantal
Released (9.1.9-0ubuntu12.10)
upstream
Released (9.1.9)