CVE-2012-0868

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 8.3.x through 8.3.17 PostgreSQL versions 8.4.x through 8.4.10 PostgreSQL versions 9.0.x through 9.0.6 PostgreSQL versions 9.1.x through 9.1.2

Description The issue allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines. These newlines are inserted into an SQL script used when the database is restored, enabling the execution of arbitrary SQL commands. This is a result of a CRLF injection vulnerability in pg dump.

Recommendations For PostgreSQL versions 8.3.x through 8.3.17, update to version 8.3.18 or later. For PostgreSQL versions 8.4.x through 8.4.10, update to version 8.4.11 or later. For PostgreSQL versions 9.0.x through 9.0.6, update to version 9.0.7 or later. For PostgreSQL versions 9.1.x through 9.1.2, update to version 9.1.3 or later.