Vulnerability Details : CVE-2009-3229

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
Publish Date : 2009-09-17 Last Update Date : 2010-03-26

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	4.0
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Single system (The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access	None
Vulnerability Type(s)	Denial Of Service
CWE ID	CWE id is not defined for this vulnerability

- Vendor Statements

Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5. In PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash. However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default. This issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html .
Source: Redhat

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	low	4.0	AV:N/AC:L/Au:S/C:N/I:N/A:P	2009-09-09	2009-09-09

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Class	Family
CVE-2009-3229	oval:org.opensuse.security:def:20093229		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-3229

#	Product Type	Vendor	Product	Version
1	Application	Postgresql	Postgresql	8.2	Details Vulnerabilities
2	Application	Postgresql	Postgresql	8.2.1	Details Vulnerabilities
3	Application	Postgresql	Postgresql	8.2.2	Details Vulnerabilities
4	Application	Postgresql	Postgresql	8.2.3	Details Vulnerabilities
5	Application	Postgresql	Postgresql	8.2.4	Details Vulnerabilities
6	Application	Postgresql	Postgresql	8.2.5	Details Vulnerabilities
7	Application	Postgresql	Postgresql	8.2.6	Details Vulnerabilities
8	Application	Postgresql	Postgresql	8.2.7	Details Vulnerabilities
9	Application	Postgresql	Postgresql	8.2.8	Details Vulnerabilities
10	Application	Postgresql	Postgresql	8.2.9	Details Vulnerabilities
11	Application	Postgresql	Postgresql	8.2.10	Details Vulnerabilities
12	Application	Postgresql	Postgresql	8.2.11	Details Vulnerabilities
13	Application	Postgresql	Postgresql	8.2.12	Details Vulnerabilities
14	Application	Postgresql	Postgresql	8.2.13	Details Vulnerabilities
15	Application	Postgresql	Postgresql	8.3	Details Vulnerabilities
16	Application	Postgresql	Postgresql	8.3.1	Details Vulnerabilities
17	Application	Postgresql	Postgresql	8.3.2	Details Vulnerabilities
18	Application	Postgresql	Postgresql	8.3.3	Details Vulnerabilities
19	Application	Postgresql	Postgresql	8.3.4	Details Vulnerabilities
20	Application	Postgresql	Postgresql	8.3.5	Details Vulnerabilities
21	Application	Postgresql	Postgresql	8.3.6	Details Vulnerabilities
22	Application	Postgresql	Postgresql	8.3.7	Details Vulnerabilities
23	Application	Postgresql	Postgresql	8.4	Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Postgresql	Postgresql	23

- References For CVE-2009-3229

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
SUSE SUSE-SR:2009:016

http://secunia.com/advisories/36660
SECUNIA 36660

http://secunia.com/advisories/36800
SECUNIA 36800

http://secunia.com/advisories/36727
SECUNIA 36727

http://secunia.com/advisories/36837
SECUNIA 36837

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 CONFIRM

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
SUNALERT 270408

http://www.postgresql.org/docs/8.3/static/release-8-3-8.html CONFIRM

http://www.postgresql.org/support/security.html CONFIRM

http://www.securityfocus.com/bid/36314
BID 36314 PostgreSQL Multiple Security Vulnerabilities Release Date:2012-07-02

http://www.securityfocus.com/archive/1/archive/1/509917/100/0/threaded
BUGTRAQ 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server

http://www.ubuntu.com/usn/usn-834-1
UBUNTU USN-834-1

http://www.us.debian.org/security/2009/dsa-1900
DEBIAN DSA-1900

https://bugzilla.redhat.com/show_bug.cgi?id=522092 CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
SUSE SUSE-SR:2009:017

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
FEDORA FEDORA-2009-9473

https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
FEDORA FEDORA-2009-9474

- Metasploit Modules Related To CVE-2009-3229

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)