cbcvebase.
CVE-2013-1899
published 2013-04-04

CVE-2013-1899: Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of…

PriorityP357medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
54.31%
98.9th percentile
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql
postgresqlpostgresql

Detection & IOCsextracted from sources · hover to see the quote

command-<dbname> (database name beginning with '-' used as connection request to inject command-line flags)
  • Detect PostgreSQL connection requests where the database name field begins with a '-' (hyphen/dash) character, which triggers argument injection into the backend process
  • Use the Metasploit auxiliary scanner module postgres_dbname_flag_injection to identify vulnerable PostgreSQL 9.0, 9.1, and 9.2 instances
  • Monitor for unauthorized modification of PostgreSQL server configuration files or replacement of critical database/table files, which may indicate exploitation during crash recovery
  • Monitor for damage or destruction of files within the PostgreSQL server's data directory, a key indicator of exploitation
  • ·Vulnerability only affects PostgreSQL 9.0.x before 9.0.13, 9.1.x before 9.1.9, and 9.2.x before 9.2.4; earlier major versions (e.g., 8.x as shipped with RHEL 5/6) are NOT affected
  • ·On Ubuntu, the vulnerability only applies to Ubuntu 11.10, 12.04 LTS, and 12.10; other Ubuntu releases are not affected

CVSS provenance

nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat6.5MEDIUM
vendor_ubuntu6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.