CVE-2009-3231

PostgreSQL 8.2-8.2.14 and 8.3-8.3.8 - Unauthenticated Authentication Bypass via Empty LDAP Password

Title source: llm

Description

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

References (17)

Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36314
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134124585221119&w=2
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36837
Broken Link, Vendor Advisory x_refsource_confirm
http://www.postgresql.org/support/security.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36660
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/509917/100/0/threaded
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36800
Broken Link vendor-advisory x_refsource_debian
http://www.us.debian.org/security/2009/dsa-1900
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=522084
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36727
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-834-1

Scores

EPSS 0.0496
EPSS Percentile 89.8%

Details

CWE
CWE-287
Status published
Products (11)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
fedoraproject/fedora 10
fedoraproject/fedora 11
opensuse/opensuse 10.3 - 11.1
postgresql/postgresql 8.2 - 8.2.14
suse/linux_enterprise 10.0 sp2
suse/linux_enterprise 11.0
... and 1 more
Published Sep 17, 2009
Tracked Since Feb 18, 2026