CVE-2009-3231

CVSS V2 Medium 6.8 CVSS V3 None
Description
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
Overview
  • CVE ID
  • CVE-2009-3231
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-09-17T10:30:01
  • Last Modified Date
  • 2018-10-10T19:43:19
Weakness Enumerations
CWE URL
CWE-287 http://cwe.mitre.org/data/definitions/287.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
https://bugzilla.redhat.com/show_bug.cgi?id=522084
http://www.securityfocus.com/bid/36314
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
http://www.postgresql.org/docs/8.3/static/release-8-3-8.html
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
http://www.postgresql.org/support/security.html Vendor Advisory
http://secunia.com/advisories/36727 Vendor Advisory
http://secunia.com/advisories/36660 Vendor Advisory
http://secunia.com/advisories/36837
http://www.us.debian.org/security/2009/dsa-1900
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://secunia.com/advisories/36800
http://www.ubuntu.com/usn/usn-834-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
http://marc.info/?l=bugtraq&m=134124585221119&w=2
http://www.securityfocus.com/archive/1/509917/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-3231
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231
History
Created Old Value New Value Data Type Notes
2022-05-10 18:32:19 Added to TrackCVE