Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| CWE ID | Type | Source |
|---|---|---|
| CWE-94 | Primary | nvd@nist.gov |
Per http://www.ubuntu.com/usn/USN-1789-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS Ubuntu 8.04 LTS"