PT-2012-2920 · Postgresql+2

Heikki Linnakangas

Published: 2012-05-21
Updated: 2024-06-15
CVE-2012-0867
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 8.4.x through 8.4.10
PostgreSQL versions 9.0.x through 9.0.6
PostgreSQL versions 9.1.x through 9.1.2

Description
The issue allows remote attackers to spoof connections when the host name is exactly 32 characters, because SSL certificate verification truncates the certificate's common name to 32 characters before comparing it with the host name. This can occur under certain circumstances, particularly when using third-party certificate authorities.

Recommendations
For PostgreSQL versions 8.4.x through 8.4.10, update to version 8.4.11 or later.
For PostgreSQL versions 9.0.x through 9.0.6, update to version 9.0.7 or later.
For PostgreSQL versions 9.1.x through 9.1.2, update to version 9.1.3 or later.
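As an added illustration, not code from this advisory or from PostgreSQL/libpq, the Python below shows the failure mode the description names: a certificate common name truncated to 32 characters before comparison is accepted for a 32-character host name it merely begins with, while a full-length comparison rejects it. The host names are constructed and hypothetical. The same block also checks a server version string against the affected ranges and fixed releases listed in the Recommendations, so an operator can triage an inventory of version strings.

```python
from typing import Optional, Tuple

# Constructed illustration, not libpq or PostgreSQL source: the advisory
# states that certificate verification truncated the common name (CN) to
# 32 characters, so a host name of exactly 32 characters could be matched
# by a certificate whose CN merely starts with that host name.
CN_TRUNCATION = 32  # truncation length stated in the advisory


def truncated_cn_matches(common_name: str, hostname: str) -> bool:
    """Flawed check: only the first CN_TRUNCATION characters of the CN are
    kept before the case-insensitive comparison, so a longer CN whose prefix
    equals a 32-character host name is accepted."""
    kept = common_name[:CN_TRUNCATION]
    return kept.lower() == hostname.lower()


def full_cn_matches(common_name: str, hostname: str) -> bool:
    """Corrected check: the whole CN must equal the whole host name; no
    length limit is applied to either side before comparing."""
    return common_name.lower() == hostname.lower()


def compare_checks(common_name: str, hostname: str) -> Tuple[bool, bool]:
    """Return (truncated_result, full_result) for one CN/host-name pair."""
    return (truncated_cn_matches(common_name, hostname),
            full_cn_matches(common_name, hostname))


# Constructed sample names (hypothetical): a 32-character host name, and a
# CN under a different domain that happens to begin with that host name.
VICTIM_HOST = "pg-primary-001.internal.test.com"      # exactly 32 characters
SPOOF_CN = VICTIM_HOST + ".other-domain.example"        # longer than 32
LEGIT_CN = VICTIM_HOST

# Affected ranges and the fixed release for each, taken from the advisory's
# Recommendations section.
AFFECTED_RANGES = (
    ((8, 4, 0), (8, 4, 10), "8.4.11"),
    ((9, 0, 0), (9, 0, 6), "9.0.7"),
    ((9, 1, 0), (9, 1, 2), "9.1.3"),
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '9.1.2' into (9, 1, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the fixed release if `version` falls in an affected range the
    advisory lists, otherwise None. Branches the advisory does not list
    (e.g. 8.3.x) also return None; they are simply not judged here."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= v <= high:
            return fixed
    return None


if __name__ == "__main__":
    assert len(VICTIM_HOST) == CN_TRUNCATION
    print("spoofed CN (truncated, full):", compare_checks(SPOOF_CN, VICTIM_HOST))
    print("legit CN   (truncated, full):", compare_checks(LEGIT_CN, VICTIM_HOST))
    for ver in ("8.4.10", "9.0.7", "9.1.2"):
        print(ver, "->", fixed_version_for(ver) or "not in a listed affected range")
```

The truncated check returns True for the spoofed CN and the full check returns False, which is exactly the gap the advisory describes; the version helper returns the fixed release only for versions inside the three listed ranges.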

Fix

RCE

Improper Certificate Validation


Weakness Enumeration

Related identifiers

CESA-2012_0678
CVE-2012-0867
DSA-2418-1
OPENSUSE-SU-2024:10030-1
OPENSUSE-SU-2024:10256-1
OPENSUSE-SU-2024:10273-1
RHSA-2012:0678
RHSA-2012_0678

Affected products

Centos
Postgresql
Red Hat