CVE-2005-1409

Sažetak

PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."

Reference

http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
http://www.postgresql.org/about/news.315
http://www.redhat.com/support/errata/RHSA-2005-433.html
http://www.securityfocus.com/archive/1/426302/30/6680/threaded
http://www.securityfocus.com/bid/13476
http://www.vupen.com/english/advisories/2005/0453
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A676

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:31

Objavljeno

03-05-2005 - 04:00