PostgreSQL CVE-2013-1902 Insecure Temporary File Creation Vulnerability
BID:58877
Info
PostgreSQL CVE-2013-1902 Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 58877 |
| Class: | Design Error |
| CVE: |
CVE-2013-1902 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 04 2013 12:00AM |
| Updated: | Apr 04 2013 12:00AM |
| Credit: | Stefan Kaltenbrunner |
| Vulnerable: |
PostgreSQL PostgreSQL 9.1.3 PostgreSQL PostgreSQL 9.0.1 PostgreSQL PostgreSQL 9.0 PostgreSQL PostgreSQL 8.4.11 PostgreSQL PostgreSQL 8.4.10 PostgreSQL PostgreSQL 8.4.1 PostgreSQL PostgreSQL 8.3.18 PostgreSQL PostgreSQL 8.3.14 PostgreSQL PostgreSQL 8.3.11 PostgreSQL PostgreSQL 9.2 PostgreSQL PostgreSQL 9.1.4 PostgreSQL PostgreSQL 9.1 PostgreSQL PostgreSQL 8.4.12 PostgreSQL PostgreSQL 8.4 PostgreSQL PostgreSQL 8.3.19 PostgreSQL PostgreSQL 8.3 |
| Not Vulnerable: | |
Discussion
PostgreSQL CVE-2013-1902 Insecure Temporary File Creation Vulnerability
PostgreSQL is prone to an insecure temporary-file-creation vulnerability.
Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application. Other attacks may also be possible.
Versions prior to PostgreSQL 9.2.4, 9.1.9, 9.0.13, 8.4.17, and 8.3.23 are vulnerable.
PostgreSQL is prone to an insecure temporary-file-creation vulnerability.
Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application. Other attacks may also be possible.
Versions prior to PostgreSQL 9.2.4, 9.1.9, 9.0.13, 8.4.17, and 8.3.23 are vulnerable.