6.5.3

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

postgresql

exploit available

NVD

Published: 2001-08-31

Updated: 2017-12-19

Summary

PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.

Vulnerable Configurations

Part	Description	Count
Application	Postgresql Postgresql Postgresql 6.3.2 Postgresql Postgresql 6.5.3	2

Exploit-Db

description	PostgreSQL 6.3.2/6.5.3 Cleartext Passwords Vulnerability. CVE-2000-1199. Local exploit for immunix platform
id	EDB-ID:19875
last seen	2016-02-02
modified	2000-04-23
published	2000-04-23
reporter	Robert van der Meulen
source	https://www.exploit-db.com/download/19875/
title	PostgreSQL 6.3.2/6.5.3 Cleartext Passwords Vulnerability

Statements

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Summary

Vulnerable Configurations

Exploit-Db

Statements

References