CVE-2013-1901

high

Description

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

References

http://www.ubuntu.com/usn/USN-1789-1

http://www.postgresql.org/docs/current/static/release-9-2-4.html

http://www.postgresql.org/docs/current/static/release-9-1-9.html

http://www.postgresql.org/about/news/1456/

http://www.mandriva.com/security/advisories?name=MDVSA-2013:142

http://www.debian.org/security/2013/dsa-2658

http://support.apple.com/kb/HT5892

http://support.apple.com/kb/HT5880

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html

http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Details

Source: Mitre, NVD

Published: 2013-04-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

Detections

Analytics