CVE-2013-1899
Published 2013-04-04
Priority: P3 · 57 · medium · 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 54.31% (98.9th percentile)
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Affected
31 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| postgresql | postgresql | — | — |
Detection & IOCs (extracted from sources)
- command: -<dbname> (database name beginning with '-' used as connection request to inject command-line flags)
- Detect PostgreSQL connection requests where the database name field begins with a '-' (hyphen/dash) character, which triggers argument injection into the backend process
- Use the Metasploit auxiliary scanner module postgres_dbname_flag_injection to identify vulnerable PostgreSQL 9.0, 9.1, and 9.2 instances
- Monitor for unauthorized modification of PostgreSQL server configuration files or replacement of critical database/table files, which may indicate exploitation during crash recovery
- Monitor for damage or destruction of files within the PostgreSQL server's data directory, a key indicator of exploitation
- Vulnerability only affects PostgreSQL 9.0.x before 9.0.13, 9.1.x before 9.1.9, and 9.2.x before 9.2.4; earlier major versions (e.g., 8.x as shipped with RHEL 5/6) are NOT affected
- On Ubuntu, the vulnerability only applies to Ubuntu 11.10, 12.04 LTS, and 12.10; other Ubuntu releases are not affected
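The first detection item above, worked as an added example (not code from PostgreSQL or any of the quoted advisories): a parser for the protocol 3.0 StartupMessage that returns the effective database name when it begins with '-'. It assumes the caller supplies the complete first client message of a connection; the function names and the sample packets are constructed for illustration.

```python
import struct

PROTOCOL_V3 = 196608  # protocol 3.0, encoded as (3 << 16) | 0


def build_startup(params):
    """Build a v3 StartupMessage; used here only to construct sample input."""
    body = struct.pack("!I", PROTOCOL_V3)
    for name, value in params.items():
        body += name.encode() + b"\x00" + value.encode() + b"\x00"
    body += b"\x00"  # terminator after the last name/value pair
    return struct.pack("!I", len(body) + 4) + body


def parse_startup(packet):
    """Return the parameters of a v3 StartupMessage, or None if it is not one."""
    if len(packet) < 9:
        return None
    length, version = struct.unpack("!II", packet[:8])
    if version != PROTOCOL_V3 or length != len(packet) or packet[-1] != 0:
        return None  # SSLRequest, CancelRequest, truncated or malformed
    fields = packet[8:-1].split(b"\x00")
    # Every string is NUL-terminated, so the split must end in an empty field.
    if fields.pop() != b"" or len(fields) % 2:
        return None
    text = [f.decode("utf-8", "replace") for f in fields]
    return dict(zip(text[0::2], text[1::2]))


def flagged_dbname(packet):
    """Return the effective database name if it begins with '-', else None."""
    params = parse_startup(packet)
    if params is None:
        return None
    # Protocol rule: an absent or empty "database" defaults to the user name.
    dbname = params.get("database") or params.get("user", "")
    return dbname if dbname.startswith("-") else None


# Constructed sample packets (not captured traffic).
SAMPLES = {
    "normal": build_startup({"user": "alice", "database": "appdb"}),
    "hyphen": build_startup({"user": "alice", "database": "-example"}),
    "ssl_request": struct.pack("!II", 8, 80877103),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, flagged_dbname(pkt))
```

When the client negotiates TLS first, the StartupMessage travels inside the encrypted session, so this check has to run where the plaintext is visible, such as a connection pooler or proxy in front of the server.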
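CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 6.5 | MEDIUM | — |
| vendor_ubuntu | — | 6.5 | MEDIUM | — |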
GHSA
GHSA-ch6v-hpg8-wfmr: Argument injection vulnerability in PostgreSQL 9
ghsa_unreviewed · 2022-05-17 · MEDIUM · CWE-94
Red Hat
postgresql: Insecure switch parsing
vendor_redhat · 2013-04-04 · CVSS 6.5 · MEDIUM
Statement: Not Vulnerable. This issue does not affect the version of postgresql as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of postgresql84 as shipped with Red Hat Enterprise Linux 5.
Package: postgresql (CloudForms Management Engine 5) - Will not fix
Package: postgresql (Red Hat Enterprise Linux 5) - Not affected
Package: postgresql84 (Red Hat Enter
Ubuntu
PostgreSQL vulnerabilities
vendor_ubuntu · 2013-04-04 · CVSS 6.5 · MEDIUM
Summary: Several security issues were fixed in PostgreSQL.
Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL
incorrectly handled certain connection requests containing database names
starting with a dash. A remote attacker could use this flaw to damage or
destroy files within a server's data directory. This issue only applied to
Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2013-1899)
Marko Kreen discovered that PostgreSQL incorrectly generated random
numbers. An authenticated attacker could use this flaw to possibly guess
another database user's random numbers. (CVE-2013-1900)
Noah Misch discovered that PostgreSQL incorrectly handled certain privilege
checks. An unprivileged attacker could use this flaw to possibly interfere
wi
No detection rules found.
Bugzilla
CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 postgresql various flaws [fedora-all]
bugzilla · 2013-04-04 · CVSS 6.5 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue a
Bugzilla
CVE-2013-1899 postgresql: Insecure switch parsing [fedora-all]
bugzilla · 2013-04-04 · CVSS 6.5 · MEDIUM
Bugzilla
CVE-2013-1899 postgresql: Insecure switch parsing
bugzilla · 2013-03-29 · CVSS 6.5 · MEDIUM
A denial of service flaw was found in the way command switch parsing logic of PostgreSQL, an advanced Object-Relational database management system, processed certain database names (a database name beginning with '-' character was interpreted as if it were a command line switch for a standalone backend). A remote attacker could issue a specially-crafted SQL query that, when processed by the PostgreSQL server, would lead to unauthorized modification of the server's configuration file or attacker's ability to replace server's critical database / table with a junk file (of their choosing), during the server's crash recovery process (denial of service).
Discussion:
This issue does NOT affect the version of the postgresql package, as shipped wit
References
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html
- http://support.apple.com/kb/HT5880
- http://support.apple.com/kb/HT5892
- http://www.debian.org/security/2013/dsa-2658
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
- http://www.postgresql.org/about/news/1456/
- http://www.postgresql.org/docs/current/static/release-9-0-13.html
- http://www.postgresql.org/docs/current/static/release-9-1-9.html
- http://www.postgresql.org/docs/current/static/release-9-2-4.html
- http://www.postgresql.org/support/security/faq/2013-04-04/
- http://www.ubuntu.com/usn/USN-1789-1
Published: 2013-04-04