CVE-2012-0867

Sažetak

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Reference

http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
http://rhn.redhat.com/errata/RHSA-2012-0678.html
http://secunia.com/advisories/49273
http://www.debian.org/security/2012/dsa-2418
http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
http://www.postgresql.org/about/news/1377/
http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-12-2016 - 19:56

Objavljeno

18-07-2012 - 23:55