Home > mailing lists

Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf - Mailing list pgsql-general

From	Devrim Gündüz
Subject	Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf
Date	April 4, 2013 19:43:51
Msg-id	d252077c-7ce0-4d48-91bd-5d32cc99de88@email.android.com Whole thread Raw
In response to	CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf (Mads.Tandrup@schneider-electric.com)
List	pgsql-general

Tree view

Hi,

pg_hba.conf does not have protection for this security issue.

Regards, Devrim

Mads.Tandrup@schneider-electric.com wrote:

Hi All

I'm trying to understand the implications of the latest security fix to postgresql [1].

We have a setup were we in pg_hba.conf have limited the allowed IP addresses of the clients. But does anyone know if CVE-2013-1899 allows an arbitrary attacker to use the exploits described in [1]?

We are using PostgreSQL 8.4.

Best regards,
Mads

[1] http://www.postgresql.org/support/security/faq/2013-04-04/

--
Devrim Gündüz

pgsql-general by date:

From: Mads.Tandrup@schneider-electric.com
Date: 04 April 2013, 19:39:37
Subject: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf

From: Bruce Momjian
Date: 04 April 2013, 19:44:44
Subject: Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf

Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf - Mailing list pgsql-general

Previous

Next