Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3231

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Published

2009-09-17T10:30:01.233

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	postgresql	postgresql	< 8.2.14	Yes
Application	postgresql	postgresql	< 8.3.8	Yes
Operating System	opensuse	opensuse	≤ 11.1	Yes
Operating System	suse	linux_enterprise	10.0	Yes
Operating System	suse	linux_enterprise	11.0	Yes
Operating System	suse	linux_enterprise_server	9	Yes
Operating System	fedoraproject	fedora	10	Yes
Operating System	fedoraproject	fedora	11	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	canonical	ubuntu_linux	9.04	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html Mailing List ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html Mailing List ([email protected])
http://marc.info/?l=bugtraq&m=134124585221119&w=2 Mailing List ([email protected])
http://marc.info/?l=bugtraq&m=134124585221119&w=2 Mailing List ([email protected])
http://secunia.com/advisories/36660 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/36727 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/36800 Broken Link ([email protected])
http://secunia.com/advisories/36837 Broken Link ([email protected])
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 Broken Link ([email protected])
http://www.postgresql.org/docs/8.3/static/release-8-3-8.html Release Notes ([email protected])
http://www.postgresql.org/support/security.html Broken Link, Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/509917/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/36314 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-834-1 Third Party Advisory ([email protected])
http://www.us.debian.org/security/2009/dsa-1900 Broken Link ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=522084 Issue Tracking, Patch ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html Mailing List ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html Mailing List ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=134124585221119&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=134124585221119&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36660 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36727 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36800 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36837 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/docs/8.3/static/release-8-3-8.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.postgresql.org/support/security.html Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/509917/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36314 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-834-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.us.debian.org/security/2009/dsa-1900 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=522084 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)