CVE-2009-3231 — MEDIUM (6.8)

Q: How severe is CVE-2009-3231?

CVE-2009-3231 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3231?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Opensuse Opensuse, Suse Linux Enterprise, Suse Linux Enterprise Server, Fedoraproject Fedora.

Vulnerability Description

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Postgresql	Postgresql	>= 8.2, < 8.2.14
Opensuse	Opensuse	>= 10.3, <= 11.1
Suse	Linux Enterprise	10.0
Suse	Linux Enterprise Server	9
Fedoraproject	Fedora	10
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-287

References

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.htmlMailing List
http://marc.info/?l=bugtraq&m=134124585221119&w=2Mailing List
http://secunia.com/advisories/36660Broken LinkVendor Advisory
http://secunia.com/advisories/36727Broken LinkVendor Advisory
http://secunia.com/advisories/36800Broken Link
http://secunia.com/advisories/36837Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012Broken Link
http://www.postgresql.org/docs/8.3/static/release-8-3-8.htmlRelease Notes
http://www.postgresql.org/support/security.htmlBroken LinkVendor Advisory
http://www.securityfocus.com/archive/1/509917/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/36314Broken LinkThird Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/usn-834-1Third Party Advisory
http://www.us.debian.org/security/2009/dsa-1900Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=522084Issue TrackingPatch

FAQ

What is CVE-2009-3231?

CVE-2009-3231 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty passw...

How severe is CVE-2009-3231?

CVE-2009-3231 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3231?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Opensuse Opensuse, Suse Linux Enterprise, Suse Linux Enterprise Server, Fedoraproject Fedora.