CVE-2013-1899
CVE-2013-1899
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00004.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.htmlhttp://support.apple.com/kb/HT5880http://support.apple.com/kb/HT5892http://www.debian.org/security/2013/dsa-2658http://www.mandriva.com/security/advisories?name=MDVSA-2013:142