Search criteria
3 vulnerabilities found for desktop_workstation by redhat
FKIE_CVE-2012-0867
Vulnerability from fkie_nvd - Published: 2012-07-18 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse_project | opensuse | 12.2 | |
| postgresql | postgresql | 8.4 | |
| postgresql | postgresql | 8.4.1 | |
| postgresql | postgresql | 8.4.2 | |
| postgresql | postgresql | 8.4.3 | |
| postgresql | postgresql | 8.4.4 | |
| postgresql | postgresql | 8.4.5 | |
| postgresql | postgresql | 8.4.6 | |
| postgresql | postgresql | 8.4.7 | |
| postgresql | postgresql | 8.4.8 | |
| postgresql | postgresql | 8.4.9 | |
| postgresql | postgresql | 8.4.10 | |
| postgresql | postgresql | 9.0 | |
| postgresql | postgresql | 9.0.1 | |
| postgresql | postgresql | 9.0.2 | |
| postgresql | postgresql | 9.0.3 | |
| postgresql | postgresql | 9.0.4 | |
| postgresql | postgresql | 9.0.5 | |
| postgresql | postgresql | 9.0.6 | |
| debian | debian_linux | 6.0 | |
| redhat | desktop_workstation | 5 | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_hpc_node | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server_aus | 6.2 | |
| redhat | enterprise_linux_server_eus | 6.2.z | |
| redhat | enterprise_linux_workstation | 6.0 | |
| postgresql | postgresql | 9.1 | |
| postgresql | postgresql | 9.1.1 | |
| postgresql | postgresql | 9.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse_project:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06FD3E94-06C6-4C93-B6EB-442D1B5C62AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C991F71-1E27-47A6-97DC-424FC3EF6011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5740C7AA-1772-41D8-9851-3E3669CD8521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "970338CD-A680-4DD0-BD27-459B0DDA4002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9E57FA-5EAE-4698-992D-146C6310E0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87DF2937-9C51-4768-BAB1-901BCA636ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0EB754-7A71-40FA-9EAD-44914EB758C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1089D316-D5A3-4F2D-9E52-57FD626A1D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB718D2-97AA-4D61-AA4B-2216EEF55F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "605C06BF-54A0-40F8-A01E-8641B4A83035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1F5B75-78D5-408E-8148-CA23DCED9CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F609DDE4-0858-4F83-B8E6-7870196E21CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "349F02AF-013E-4264-9717-010293A3D6E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:desktop_workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F8A72C-443B-4FC8-9A9C-311A3ED94257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2.z:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3115B4-5DF0-415B-83D9-CC460AF75586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796DBEC-FF4F-4749-90D5-AD83D8B5E086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79108278-D644-4506-BD9C-F464C6E817B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10CF0AA0-41CD-4D50-BA7A-BF8846115C95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters."
},
{
"lang": "es",
"value": "PostgreSQL v8.4.x antes de v8.4.11, v9.0.x antes de v9.0.7, y v9.1.x antes de v9.1.3 trunca el nombre com\u00fan a s\u00f3lo 32 caracteres en la verificaci\u00f3n de los certificados SSL, lo que permite a atacantes remotos falsificar conexiones cuando el nombre de host es exactamente de 32 caracteres."
}
],
"id": "CVE-2012-0867",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-18T23:55:01.827",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49273"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-0867 (GCVE-0-2012-0867)
Vulnerability from cvelistv5 – Published: 2012-07-18 23:00 – Updated: 2024-08-06 18:38
VLAI?
Summary
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"name": "49273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49273"
},
{
"name": "RHSA-2012:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"name": "MDVSA-2012:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"name": "DSA-2418",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"name": "openSUSE-SU-2012:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"name": "49273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49273"
},
{
"name": "RHSA-2012:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"name": "MDVSA-2012:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"name": "DSA-2418",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"name": "openSUSE-SU-2012:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0867",
"datePublished": "2012-07-18T23:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0867 (GCVE-0-2012-0867)
Vulnerability from nvd – Published: 2012-07-18 23:00 – Updated: 2024-08-06 18:38
VLAI?
Summary
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"name": "49273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49273"
},
{
"name": "RHSA-2012:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"name": "MDVSA-2012:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"name": "DSA-2418",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"name": "openSUSE-SU-2012:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1377/"
},
{
"name": "49273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49273"
},
{
"name": "RHSA-2012:0678",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0678.html"
},
{
"name": "MDVSA-2012:026",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html"
},
{
"name": "DSA-2418",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html"
},
{
"name": "openSUSE-SU-2012:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0867",
"datePublished": "2012-07-18T23:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}