FKIE_CVE-2009-3229

Vulnerability from fkie_nvd - Published: 2009-09-17 10:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=134124585221119&w=2
cve@mitre.orghttp://secunia.com/advisories/36660Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36727Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/36800
cve@mitre.orghttp://secunia.com/advisories/36837
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
cve@mitre.orghttp://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
cve@mitre.orghttp://www.postgresql.org/docs/8.3/static/release-8-3-8.html
cve@mitre.orghttp://www.postgresql.org/support/security.htmlVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/509917/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/36314
cve@mitre.orghttp://www.ubuntu.com/usn/usn-834-1
cve@mitre.orghttp://www.us.debian.org/security/2009/dsa-1900
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=522092
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134124585221119&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36660Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36727Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36800
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36837
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/docs/8.3/static/release-8-3-8.html
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/support/security.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/509917/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36314
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-834-1
af854a3a-2127-422b-91ae-364da2661108http://www.us.debian.org/security/2009/dsa-1900
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=522092
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
Impacted products
Vendor Product Version
postgresql postgresql 8.2
postgresql postgresql 8.2.1
postgresql postgresql 8.2.2
postgresql postgresql 8.2.3
postgresql postgresql 8.2.4
postgresql postgresql 8.2.5
postgresql postgresql 8.2.6
postgresql postgresql 8.2.7
postgresql postgresql 8.2.8
postgresql postgresql 8.2.9
postgresql postgresql 8.2.10
postgresql postgresql 8.2.11
postgresql postgresql 8.2.12
postgresql postgresql 8.2.13
postgresql postgresql 8.3
postgresql postgresql 8.3.1
postgresql postgresql 8.3.2
postgresql postgresql 8.3.3
postgresql postgresql 8.3.4
postgresql postgresql 8.3.5
postgresql postgresql 8.3.6
postgresql postgresql 8.3.7
postgresql postgresql 8.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7213327F-6909-43A7-952E-11600C28D4E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EF0EA6-C8B6-40A7-A3AE-8639CA94D5C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F645F3-9767-4FD8-94EB-1096DF24E6C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C342A823-EF6F-4557-9F9E-D8893EA4C2BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85A443F-0802-412F-9AEE-3525311C93D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06253BA8-7F1E-4C79-9B2E-197307A627F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A213AB8-A5FE-4062-B895-2FC4B19F60A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A3F083E-59A8-41B1-826F-2CA39BD425C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE49E2D5-8EAC-49C7-B704-E626FBE7EC35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5059B2F-B588-463E-8E96-BC9DA129C12E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C919AF97-9713-44F8-B742-89C438DB0B48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "400BBC62-5D03-465B-A864-9CD479B963F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8C96F7-7F85-4E47-A05F-15E3C70AF583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C236CF1-72C0-4C3D-AE04-B67E3F18EEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A705DF-3654-427F-8B11-62DB0B6C9813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FDCF30-D0F7-48AA-9633-9CC060495F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "788975F6-B3F1-4C21-B963-6BA59F14B71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6713D96-338B-4467-9F05-3153997F62E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "01EB1A77-92AD-47FB-8290-D05C9B6C19C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74857259-30C7-422D-A24D-BE1E33F09466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD80066B-787E-496B-88FD-F0AE291468C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by \"re-LOAD-ing\" libraries from a certain plugins directory."
    },
    {
      "lang": "es",
      "value": "El componente core server de PostgreSQL desde v8.4 anteriores a v8.4.1, desde v8.3 anteriores a v8.3.8, y desde v8.2 anteriores a v8.2.14  permite a usuarios remotos autenticados producir una denegaci\u00f3n de servicio (ca\u00edda del backend) mediante \"recarga\" de librer\u00edas desde cierto directorio de plugins."
    }
  ],
  "id": "CVE-2009-3229",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-17T10:30:00.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=134124585221119\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36660"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36727"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36800"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36837"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/support/security.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/509917/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36314"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-834-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.us.debian.org/security/2009/dsa-1900"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522092"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134124585221119\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/support/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/509917/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-834-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.us.debian.org/security/2009/dsa-1900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5.\n\nIn PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash.  However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions.  Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default.\n\nThis issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html .",
      "lastModified": "2009-09-24T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.