CVE-2013-1901
Published: 4 April 2013
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
Notes
| Author | Note |
|---|---|
| mdeslaur | looks to be 9.0+ only |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
postgresql-8.2 Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
postgresql-8.3 Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
postgresql-8.4 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Does not exist
|
|
| upstream |
Released
(8.4.17)
|
|
|
postgresql-9.1 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Released
(9.1.9-0ubuntu11.10)
|
|
| precise |
Released
(9.1.9-0ubuntu12.04)
|
|
| quantal |
Released
(9.1.9-0ubuntu12.10)
|
|
| upstream |
Released
(9.1.9)
|