Vulnerability Details : CVE-2009-3229
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
Vulnerability category: Denial of service
Products affected by CVE-2009-3229
- cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*
Threat overview for CVE-2009-3229
Top countries where our scanners detected CVE-2009-3229
Top open port discovered on systems with this issue
5432
IPs affected by CVE-2009-3229 20,282
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-3229!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-3229
1.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3229
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
Vendor statements for CVE-2009-3229
-
Red Hat 2009-09-24Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5. In PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash. However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default. This issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html .
References for CVE-2009-3229
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
-
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
-
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
[SECURITY] Fedora 10 Update: postgresql-8.3.8-1.fc10
-
http://marc.info/?l=bugtraq&m=134124585221119&w=2
'[security bulletin] HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux' - MARC
-
https://bugzilla.redhat.com/show_bug.cgi?id=522092
-
http://www.postgresql.org/support/security.html
PostgreSQL: Not FoundVendor Advisory
-
http://www.postgresql.org/docs/8.3/static/release-8-3-8.html
PostgreSQL: Documentation: 8.3: Release 8.3.8
-
http://www.us.debian.org/security/2009/dsa-1900
-
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
[SECURITY] Fedora 11 Update: postgresql-8.3.8-1.fc11
-
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:016 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.securityfocus.com/bid/36314
-
http://www.securityfocus.com/archive/1/509917/100/0/threaded
-
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:017 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.ubuntu.com/usn/usn-834-1
USN-834-1: PostgreSQL vulnerabilities | Ubuntu security notices | Ubuntu
Jump to