Vulnerability Details : CVE-2009-4034
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Exploit prediction scoring system (EPSS) score for CVE-2009-4034
Probability of exploitation activity in the next 30 days: 0.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-4034
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
8.6
|
4.9
|
[email protected] |
CWE ids for CVE-2009-4034
-
Assigned by: [email protected] (Primary)
Vendor statements for CVE-2009-4034
-
Red Hat 2010-01-07This issue is only security-relevant in PostgreSQL versions 8.4 and later as previous versions did not compare the connection host name with the certificate CommonName at all. Client certificate authentication was introduced in version 8.4. Red Hat Enterprise Linux 5 and earlier provided PostgreSQL versions 8.1.x and earlier, and are thus not affected by this issue.
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html
-
http://www.postgresql.org/docs/current/static/release-8-3-9.html
Patch;Vendor Advisory
-
http://www.postgresql.org/docs/current/static/release-8-4-2.html
Patch;Vendor Advisory
- http://marc.info/?l=bugtraq&m=134124585221119&w=2
-
http://www.postgresql.org/support/security.html
Vendor Advisory
-
http://www.postgresql.org/docs/current/static/release-7-4-27.html
Patch;Vendor Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html
-
http://www.postgresql.org/docs/current/static/release-8-2-15.html
Patch;Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
-
http://www.securitytracker.com/id?1023325
- http://www.vupen.com/english/advisories/2009/3519
-
http://www.securityfocus.com/bid/37334
- http://www.securityfocus.com/archive/1/509917/100/0/threaded
-
http://www.postgresql.org/docs/current/static/release-8-1-19.html
Patch;Vendor Advisory
-
http://www.postgresql.org/docs/current/static/release-8-0-23.html
Patch;Vendor Advisory
- cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:7.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*