PT-2013-6353 · Postgresql+1 · Postgresql+1
Noah Misch
·
Published
1970-01-01
·
Updated
2024-06-15
·
CVE-2013-1901
CVSS v2.0
8.5
High
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 9.2.x through 9.2.3
PostgreSQL versions 9.1.x through 9.1.8
Description
The issue allows remote authenticated users to bypass intended backup restrictions. This can be achieved by calling the (1) pg_start_backup or (2) pg_stop_backup functions. An unprivileged user can run commands that could interfere with in-progress backups. The vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information and can be exploited remotely by an authenticated attacker.
Recommendations
For PostgreSQL versions 9.2.x through 9.2.3, update to version 9.2.4 or later.
For PostgreSQL versions 9.1.x through 9.1.8, update to version 9.1.9 or later.
As a temporary workaround, consider restricting access to the pg_start_backup and pg_stop_backup functions until a patch is available.
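One way to apply and verify the temporary workaround above, as an added example that is not part of the original advisory. It assumes the 9.1/9.2 signatures pg_start_backup(text, boolean) and pg_stop_backup(), and a superuser session; function privileges are stored per database, so it has to be run in each database of the cluster, including template1.

```sql
-- Added example (not from the advisory). Assumed signatures for 9.1/9.2:
--   pg_catalog.pg_start_backup(text, boolean)
--   pg_catalog.pg_stop_backup()

-- 1. Audit: list non-superuser roles that can currently execute the
--    backup-control functions in this database.
SELECT r.rolname,
       p.oid::regprocedure AS func,
       has_function_privilege(r.oid, p.oid, 'EXECUTE') AS can_execute
FROM pg_roles r
CROSS JOIN pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'pg_catalog'
  AND p.proname IN ('pg_start_backup', 'pg_stop_backup')
  AND NOT r.rolsuper
ORDER BY r.rolname, p.proname;

-- 2. Restrict: remove the default PUBLIC execute privilege.
--    Superusers bypass privilege checks, so backup jobs that connect
--    as a superuser keep working.
BEGIN;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_start_backup(text, boolean) FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_stop_backup() FROM PUBLIC;
COMMIT;

-- 3. Verify: re-run the audit query from step 1. Any row that still shows
--    can_execute = true holds a direct or inherited grant; inspect the ACL:
SELECT p.oid::regprocedure AS func, p.proacl
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'pg_catalog'
  AND p.proname IN ('pg_start_backup', 'pg_stop_backup');

-- 4. After upgrading to 9.2.4 / 9.1.9 or later, restore the defaults
--    if the restriction is no longer wanted:
-- GRANT EXECUTE ON FUNCTION pg_catalog.pg_start_backup(text, boolean) TO PUBLIC;
-- GRANT EXECUTE ON FUNCTION pg_catalog.pg_stop_backup() TO PUBLIC;
```

Databases created later from template0 do not inherit the revocation, so repeat the audit after creating new databases.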
Fix
Code Injection
Related identifiers
Affected products
Postgresql
Suse