PT-2009-5545 · Postgresql · Postgresql
Tomas Hoger · Published 2009-09-17 · Updated 2018-10-10 · CVE-2009-3229
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 8.2 through 8.2.13
PostgreSQL versions 8.3 through 8.3.7
PostgreSQL versions 8.4 through 8.4.0
Description
The issue allows remote authenticated users to cause a denial of service by shutting down the backend server. This can be achieved by re-LOAD-ing libraries from a certain plugins directory, specifically $libdir/plugins, if any libraries are present there.
Recommendations
For PostgreSQL versions 8.2 through 8.2.13, update to version 8.2.14 or later.
For PostgreSQL versions 8.3 through 8.3.7, update to version 8.3.8 or later.
For PostgreSQL versions 8.4 through 8.4.0, update to version 8.4.1 or later.
As a temporary workaround, consider restricting access to the $libdir/plugins directory to prevent re-LOAD-ing of libraries.
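The following shell script is an added example, not part of the original advisory or of PostgreSQL. It checks a version string against the affected ranges listed above and reports whether any libraries are present in the plugins directory. It assumes that $libdir is the directory printed by pg_config --pkglibdir and that plugin libraries end in .so; the function names and status strings are hypothetical.

```shell
#!/bin/sh
# Added example: triage one host against the ranges listed in this advisory.

# 0 = version is in a listed affected range, 1 = not listed, 2 = unparseable.
is_affected_version() {
    ver=$1
    case $ver in
        8.2.*|8.3.*|8.4.*) ;;
        [0-9]*.[0-9]*) return 1 ;;   # other release lines are not listed here
        *) return 2 ;;
    esac
    minor=${ver%.*}    # "8.3.7" -> "8.3"
    patch=${ver##*.}   # "8.3.7" -> "7"
    case $patch in ''|*[!0-9]*) return 2 ;; esac
    case $minor in
        8.2) [ "$patch" -le 13 ] ;;
        8.3) [ "$patch" -le 7 ] ;;
        8.4) [ "$patch" -le 0 ] ;;
        *) return 2 ;;
    esac
}

# Print libraries directly under LIBDIR/plugins (assumption: they end in .so).
list_plugin_libs() {
    [ -d "$1/plugins" ] || return 0
    find "$1/plugins" -maxdepth 1 -type f -name '*.so' | sort
}

# Print one of: exposed, affected-no-plugins, not-listed, unknown.
assess() {
    rc=0
    is_affected_version "$1" || rc=$?
    case $rc in
        1) echo not-listed; return 0 ;;
        2) echo unknown; return 0 ;;
    esac
    if [ -n "$(list_plugin_libs "$2")" ]; then
        echo exposed
    else
        echo affected-no-plugins
    fi
}

# Runs only where pg_config is installed. It reports the installed build, which
# can differ from a server that has not been restarted since an upgrade.
if command -v pg_config >/dev/null 2>&1; then
    assess "$(pg_config --version | awk '{print $2}')" "$(pg_config --pkglibdir)"
fi
```

A result of affected-no-plugins still calls for the update in the recommendations, since the condition changes as soon as a library is placed in that directory.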
Affected Products
Postgresql