DB: PostgreSQL Database Name Command-line Flag Injection

This signature detects attempts to exploit a known vulnerability against PostgreSQL. A successful attack can allow an attacker to gain elevated privileges, cause a denial of service condition or execute arbitrary code on the targeted system.

Extended Description

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
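The condition described above can be checked on the wire by parsing the PostgreSQL v3 StartupMessage and inspecting the database parameter. The following is an added example, not the signature's own logic or code from the vendor; the function names are hypothetical and the sample packets are constructed for illustration.

```python
import struct

PROTOCOL_3_0 = 196608  # (3 << 16) | 0: version field of a v3 StartupMessage


def build_startup(params):
    """Build a constructed v3 StartupMessage (sample input for the check)."""
    body = struct.pack("!I", PROTOCOL_3_0)
    for key, value in params.items():
        body += key.encode() + b"\x00" + value.encode() + b"\x00"
    body += b"\x00"  # terminator after the last name/value pair
    return struct.pack("!I", len(body) + 4) + body


def parse_startup(data):
    """Return the parameter dict of a v3 StartupMessage, or None otherwise."""
    if len(data) < 9:  # 4 length + 4 version + 1 terminator at minimum
        return None
    length, version = struct.unpack("!II", data[:8])
    # SSLRequest/CancelRequest use other version codes and are skipped here.
    if version != PROTOCOL_3_0 or length < 9 or length > len(data):
        return None
    payload = data[8:length]
    if not payload.endswith(b"\x00"):
        return None
    fields = payload[:-1].split(b"\x00")
    if fields[-1] != b"":  # last pair must be null-terminated as well
        return None
    fields = fields[:-1]
    if len(fields) % 2:  # names and values must come in pairs
        return None
    decoded = [f.decode("utf-8", errors="replace") for f in fields]
    return dict(zip(decoded[0::2], decoded[1::2]))


def flags_hyphen_dbname(data):
    """True when the requested database name begins with a hyphen."""
    params = parse_startup(data)
    if params is None:
        return False
    return params.get("database", "").startswith("-")


if __name__ == "__main__":
    benign = build_startup({"user": "app", "database": "sales-db"})
    suspect = build_startup({"user": "app", "database": "-example"})
    print(flags_hyphen_dbname(benign), flags_hyphen_dbname(suspect))
```

A hyphen elsewhere in the name, as in `sales-db`, is not flagged; only a leading hyphen matches the condition in the description.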

Affected Products

Postgresql postgresql

References

BugTraq: 58876

CVE: CVE-2013-1899

Short Name: DB:POSTGRESQL:DBNAME-CLIFLAGINJ
Severity: Major
Recommended: False
Recommended Action: Drop
Category: DB
Keywords: CVE-2013-1899 Command-line Database Flag Injection Name PostgreSQL bid:58876
Release Date: 04/05/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3761
Port: TCP/5432
False Positive: Unknown
Vendors

Postgresql

Canonical

CVSS Score

6.5
