
Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf


 



On Thu, Apr  4, 2013 at 06:39:22PM +0200, Mads.Tandrup@xxxxxxxxxxxxxxxxxxxxxx wrote:
> Hi All
> 
> I'm trying to understand the implications of the latest security fix to
> postgresql [1].
> 
> We have a setup where we in pg_hba.conf have limited the allowed IP addresses of
> the clients. But does anyone know if CVE-2013-1899 allows an arbitrary attacker
> to use the exploits described in [1]?

Yes, if you were running 9.0+.  pg_hba.conf does not limit access
sufficiently, though listen_addresses does.

> We are using PostgreSQL 8.4.

8.4 does not contain the bug.

-- 
  Bruce Momjian  <bruce@xxxxxxxxxx>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +
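
The distinction drawn in the reply above (pg_hba.conf versus listen_addresses), as an added example that is not part of the original thread or of PostgreSQL's own code: a small audit that reads a postgresql.conf, resolves the effective listen_addresses, and reports whether a server in the 9.0+ series accepts TCP connections on a non-loopback interface. The sample configuration, the function names and the result keys are constructed for illustration; include directives are not followed, and the check does not know which minor releases carry the fix.

```python
import ipaddress
import re

# Constructed sample postgresql.conf contents (not taken from the thread).
SAMPLE_CONF = """\
# - Connection Settings -
#listen_addresses = 'localhost'   # commented-out default
listen_addresses = '127.0.0.1, 10.0.0.5'  # app subnet interface
port = 5432
"""

# Parameter names are case-insensitive and the '=' is optional.
SETTING = re.compile(r"^\s*listen_addresses\s*=?\s*(?:'([^']*)'|([^\s#]+))", re.I)

def effective_listen_addresses(conf_text):
    """Return the address list the server would use; the last setting wins."""
    value = "localhost"  # built-in default when the setting is absent
    for line in conf_text.splitlines():
        m = SETTING.match(line)
        if m:
            value = m.group(1) if m.group(1) is not None else m.group(2)
    # An empty value means no TCP listener at all (Unix sockets only).
    return [a.strip() for a in value.split(",") if a.strip()]

def non_loopback(addresses):
    """Return the entries that open a listener reachable from other hosts."""
    exposed = []
    for addr in addresses:
        if addr.lower() == "localhost":
            continue
        try:
            if ipaddress.ip_address(addr).is_loopback:
                continue
        except ValueError:
            pass  # '*' or a hostname: assume it is reachable
        exposed.append(addr)
    return exposed

def assess(conf_text, major_version):
    """major_version is a tuple such as (9, 1); 9.0+ per the reply above."""
    exposed = non_loopback(effective_listen_addresses(conf_text))
    in_affected_series = major_version >= (9, 0)
    return {
        "in_affected_series": in_affected_series,
        "network_listeners": exposed,
        # pg_hba.conf rules alone do not change this result.
        "reachable_despite_pg_hba": in_affected_series and bool(exposed),
    }
```
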


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)



