CVE-2009-3231 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
postgresql	postgresql	8.2 ≤ 𝑥 < 8.2.14
postgresql	postgresql	8.3 ≤ 𝑥 < 8.3.8
opensuse	opensuse	10.3 ≤ 𝑥 ≤ 11.1
suse	linux_enterprise	10.0:sp2
suse	linux_enterprise	11.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
canonical	ubuntu_linux	9.04

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

postgresql-8.3

dapper	dne
hardy	Fixed 8.3.8-0ubuntu8.04 released
intrepid	Fixed 8.3.8-0ubuntu8.10 released
jaunty	Fixed 8.3.8-0ubuntu9.04 released

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://marc.info/?l=bugtraq&m=134124585221119&w=2

http://secunia.com/advisories/36660

http://secunia.com/advisories/36727

http://secunia.com/advisories/36800

http://secunia.com/advisories/36837

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012

http://www.postgresql.org/docs/8.3/static/release-8-3-8.html

http://www.postgresql.org/support/security.html

http://www.securityfocus.com/archive/1/509917/100/0/threaded

http://www.securityfocus.com/bid/36314

http://www.ubuntu.com/usn/usn-834-1

http://www.us.debian.org/security/2009/dsa-1900

https://bugzilla.redhat.com/show_bug.cgi?id=522084

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://marc.info/?l=bugtraq&m=134124585221119&w=2

http://secunia.com/advisories/36660

http://secunia.com/advisories/36727

http://secunia.com/advisories/36800

http://secunia.com/advisories/36837

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012

http://www.postgresql.org/docs/8.3/static/release-8-3-8.html

http://www.postgresql.org/support/security.html

http://www.securityfocus.com/archive/1/509917/100/0/threaded

http://www.securityfocus.com/bid/36314

http://www.ubuntu.com/usn/usn-834-1

http://www.us.debian.org/security/2009/dsa-1900

https://bugzilla.redhat.com/show_bug.cgi?id=522084

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html