The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 01:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html - Mailing List | |
References | () http://marc.info/?l=bugtraq&m=134124585221119&w=2 - Mailing List | |
References | () http://secunia.com/advisories/36660 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36727 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36800 - Broken Link | |
References | () http://secunia.com/advisories/36837 - Broken Link | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 - Broken Link | |
References | () http://www.postgresql.org/docs/8.3/static/release-8-3-8.html - Release Notes | |
References | () http://www.postgresql.org/support/security.html - Broken Link, Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/509917/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/36314 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-834-1 - Third Party Advisory | |
References | () http://www.us.debian.org/security/2009/dsa-1900 - Broken Link | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=522084 - Issue Tracking, Patch | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html - Mailing List |
13 Feb 2024, 17:41
Type | Values Removed | Values Added |
---|---|---|
First Time |
Suse linux Enterprise Server
Canonical Opensuse opensuse Opensuse Canonical ubuntu Linux Fedoraproject Suse Fedoraproject fedora Suse linux Enterprise |
|
CPE | cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:* |
cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html - Mailing List | |
References | () http://marc.info/?l=bugtraq&m=134124585221119&w=2 - Mailing List | |
References | () http://secunia.com/advisories/36660 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36727 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/36800 - Broken Link | |
References | () http://secunia.com/advisories/36837 - Broken Link | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 - Broken Link | |
References | () http://www.postgresql.org/docs/8.3/static/release-8-3-8.html - Release Notes | |
References | () http://www.postgresql.org/support/security.html - Broken Link, Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/509917/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/36314 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-834-1 - Third Party Advisory | |
References | () http://www.us.debian.org/security/2009/dsa-1900 - Broken Link | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=522084 - Issue Tracking, Patch | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html - Mailing List |
Information
Published : 2009-09-17 10:30
Updated : 2025-04-09 00:30
NVD link : CVE-2009-3231
Mitre link : CVE-2009-3231
CVE.ORG link : CVE-2009-3231
JSON object : View
Products Affected
suse
- linux_enterprise
- linux_enterprise_server
postgresql
- postgresql
fedoraproject
- fedora
opensuse
- opensuse
canonical
- ubuntu_linux
CWE
CWE-287
Improper Authentication