Vulnerability Description
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PostgreSQL | PostgreSQL | 7.2.1 |
References
- http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php (Patch)
- http://www.novell.com/linux/security/advisories/2005_36_sudo.html
- http://www.postgresql.org/about/news.315 (Patch)
- http://www.redhat.com/support/errata/RHSA-2005-433.html
- http://www.securityfocus.com/archive/1/426302/30/6680/threaded
- http://www.securityfocus.com/bid/13476
- http://www.vupen.com/english/advisories/2005/0453
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-1409?
CVE-2005-1409 is a vulnerability with a CVSS score of 7.5 (HIGH). PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact...
How severe is CVE-2005-1409?
CVE-2005-1409 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-1409?
Check the references section above for vendor advisories and patch information. Affected products include PostgreSQL.