CVE-2012-1618 - Unspecified vulnerability in Postgresql and Postgresql Jdbc Driver
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Seebug
bulletinFamily | exploit |
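description | CVE ID: CVE-2012-1618 The PostgreSQL JDBC driver allows Java programs to connect to PostgreSQL databases. An interaction error exists in PostgreSQL JDBC versions before 8.2 when used with a PostgreSQL server that has the "standard_conforming_strings" option enabled: certain JDBC statement parameters are not properly escaped, which allows remote attackers to perform SQL injection attacks. PostgreSQL JDBC Driver < 8.2 Vendor patch (PostgreSQL): The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.postgresql.org |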
id | SSV:60423 |
last seen | 2017-11-19 |
modified | 2012-10-10 |
published | 2012-10-10 |
reporter | Root |
title | PostgreSQL JDBC Driver Interaction Error SQL Injection Vulnerability |
References
- http://www.osvdb.org/80641
- http://www.openwall.com/lists/oss-security/2012/03/30/9
- http://www.openwall.com/lists/oss-security/2012/03/31/1
- http://www.openwall.com/lists/oss-security/2012/04/04/9
- http://www.openwall.com/lists/oss-security/2012/03/30/8
- http://www.openwall.com/lists/oss-security/2012/04/04/5
- http://www.openwall.com/lists/oss-security/2012/04/02/4
- http://lists.opensuse.org/opensuse-security/2012-03/msg00024.html
- https://bugzilla.novell.com/show_bug.cgi?id=754273
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0126.html
- http://www.openwall.com/lists/oss-security/2012/04/04/4
- http://www.openwall.com/lists/oss-security/2012/04/04/11