CVE-2009-3229

{"id": "CVE-2009-3229", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-17T10:30:00.907", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36660", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36727", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36800", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36837", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1", "source": "cve@mitre.org"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012", "source": "cve@mitre.org"}, {"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html", "source": "cve@mitre.org"}, {"url": "http://www.postgresql.org/support/security.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/509917/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36314", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-834-1", "source": "cve@mitre.org"}, {"url": "http://www.us.debian.org/security/2009/dsa-1900", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522092", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by \"re-LOAD-ing\" libraries from a certain plugins directory."}, {"lang": "es", "value": "El componente core server de PostgreSQL desde v8.4 anteriores a v8.4.1, desde v8.3 anteriores a v8.3.8, y desde v8.2 anteriores a v8.2.14 permite a usuarios remotos autenticados producir una denegaci\u00f3n de servicio (ca\u00edda del backend) mediante \"recarga\" de librer\u00edas desde cierto directorio de plugins."}], "lastModified": "2018-10-10T19:43:14.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7213327F-6909-43A7-952E-11600C28D4E3"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10EF0EA6-C8B6-40A7-A3AE-8639CA94D5C5"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9F645F3-9767-4FD8-94EB-1096DF24E6C3"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C342A823-EF6F-4557-9F9E-D8893EA4C2BA"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B85A443F-0802-412F-9AEE-3525311C93D4"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06253BA8-7F1E-4C79-9B2E-197307A627F0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A213AB8-A5FE-4062-B895-2FC4B19F60A4"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A3F083E-59A8-41B1-826F-2CA39BD425C9"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE49E2D5-8EAC-49C7-B704-E626FBE7EC35"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5059B2F-B588-463E-8E96-BC9DA129C12E"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C919AF97-9713-44F8-B742-89C438DB0B48"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "400BBC62-5D03-465B-A864-9CD479B963F8"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC8C96F7-7F85-4E47-A05F-15E3C70AF583"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C236CF1-72C0-4C3D-AE04-B67E3F18EEC8"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2A705DF-3654-427F-8B11-62DB0B6C9813"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02FDCF30-D0F7-48AA-9633-9CC060495F47"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "788975F6-B3F1-4C21-B963-6BA59F14B71C"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6713D96-338B-4467-9F05-3153997F62E2"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01EB1A77-92AD-47FB-8290-D05C9B6C19C4"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74857259-30C7-422D-A24D-BE1E33F09466"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD80066B-787E-496B-88FD-F0AE291468C5"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5.\n\nIn PostgreSQL versions prior to 8.2, only database administrator was able to LOAD additional plugins and use it to cause server crash. However, this does not bypass trust boundary, so its not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default.\n\nThis issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html .", "lastModified": "2009-09-24T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}