PT-2009-6216 · Postgresql · Postgresql

Magnus · Published 2009-12-15 · Updated 2024-06-15 · CVE-2009-4034

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 7.4.x through 7.4.26
PostgreSQL versions 8.0.x through 8.0.22
PostgreSQL versions 8.1.x through 8.1.18
PostgreSQL versions 8.2.x through 8.2.14
PostgreSQL versions 8.3.x through 8.3.8
PostgreSQL versions 8.4.x through 8.4.1
Description

The issue allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority. It also allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority. This is related to the improper handling of a NUL ('\0') character in a domain name in the subject's Common Name (CN) field of an X.509 certificate. The issue affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates.
Recommendations

For PostgreSQL versions 7.4.x through 7.4.26, update to version 7.4.27 or later.
For PostgreSQL versions 8.0.x through 8.0.22, update to version 8.0.23 or later.
For PostgreSQL versions 8.1.x through 8.1.18, update to version 8.1.19 or later.
For PostgreSQL versions 8.2.x through 8.2.14, update to version 8.2.15 or later.
For PostgreSQL versions 8.3.x through 8.3.8, update to version 8.3.9 or later.
For PostgreSQL versions 8.4.x through 8.4.1, update to version 8.4.2 or later.

As a temporary workaround, consider using a trusted Certificate Authority that always issues valid certificates to minimize the risk of exploitation.
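The name-check defect behind this advisory, as an added C example that is not PostgreSQL's own code: a subject CN is an explicit-length ASN.1 string, so a check that copies it into a C string and compares with strcmp() stops at the first embedded NUL byte, whereas a length-aware check that also rejects embedded NULs does not. The CN bytes and host name below are constructed placeholders, not values from any real certificate.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* An X.509 subject CN as decoded from ASN.1: explicit length, and the
 * bytes may legally include 0x00 even though no DNS name contains it. */
typedef struct {
    const unsigned char *data;
    size_t len;
} asn1_string;

/* Vulnerable pattern: copy the CN into a C string and compare it with
 * strcmp(). Everything after an embedded NUL is silently ignored, so a
 * CN of "db.example.com\0..." compares equal to "db.example.com". */
bool cn_matches_vulnerable(asn1_string cn, const char *host)
{
    char buf[256];
    size_t n = cn.len < sizeof buf - 1 ? cn.len : sizeof buf - 1;
    memcpy(buf, cn.data, n);
    buf[n] = '\0';
    return strcmp(buf, host) == 0;
}

/* Fixed pattern: reject any CN with an embedded NUL, then compare using
 * the ASN.1 length rather than C-string semantics. */
bool cn_matches_fixed(asn1_string cn, const char *host)
{
    if (memchr(cn.data, 0, cn.len) != NULL)
        return false;                       /* embedded NUL: invalid name */
    return cn.len == strlen(host) && memcmp(cn.data, host, cn.len) == 0;
}

/* Constructed sample CNs (placeholder names, not real certificates). */
static const unsigned char CRAFTED_CN[] = "db.example.com\0.other.example";
static const unsigned char HONEST_CN[]  = "db.example.com";
static const asn1_string crafted = { CRAFTED_CN, sizeof CRAFTED_CN - 1 };
static const asn1_string honest  = { HONEST_CN,  sizeof HONEST_CN  - 1 };

int main(void)
{
    const char *host = "db.example.com";
    printf("vulnerable check, crafted CN: %s\n",
           cn_matches_vulnerable(crafted, host) ? "accepted" : "rejected");
    printf("fixed check, crafted CN:      %s\n",
           cn_matches_fixed(crafted, host) ? "accepted" : "rejected");
    printf("fixed check, honest CN:       %s\n",
           cn_matches_fixed(honest, host) ? "accepted" : "rejected");
    return 0;
}
```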

Fix


Weakness Enumeration

Related Identifiers

CVE-2009-4034
DSA-1964-1
OPENSUSE-SU-2024:10030-1
OPENSUSE-SU-2024:10256-1
OPENSUSE-SU-2024:10273-1

Affected Products

Postgresql