PostgreSQL "xml_parse()" and "xslt_process()" Vulnerabilities

Last Update Date: 20 Aug 2012 10:56

Release Date: 20 Aug 2012

RISK: Medium Risk

TYPE: Servers - Database Servers

Two vulnerabilities have been identified in PostgreSQL, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

  1. An error within the "xml_parse()" function when parsing DTD data within XML documents can be exploited to read arbitrary files.
  2. An error within the "xslt_process()" function when parsing XSLT style sheets can be exploited to, for example, create or overwrite arbitrary files.

Impact

  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • PostgreSQL 8.x
  • PostgreSQL 9.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 9.1.5, 9.0.9, 8.4.13, or 8.3.20.
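
A version check against the fixed releases listed above, as an added example (not part of the original advisory and not PostgreSQL's own code): it parses `server_version` or `SELECT version()` output and reports whether each server is at or past the fixed release for its branch. The hostnames and version strings in the sample inventory are constructed, and branches for which the advisory names no fixed release are reported separately rather than guessed.

```python
import re

# Fixed releases per branch, taken from the advisory's Solutions list.
FIXED = {(9, 1): 5, (9, 0): 9, (8, 4): 13, (8, 3): 20}

_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from server_version or SELECT version() output."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    major, minor, patch = m.groups()
    # Pre-release strings such as "9.1rc1" carry no patch number; treat as patch 0.
    return int(major), int(minor), int(patch or 0)


def classify(text):
    """Classify a server as 'fixed', 'needs-update' or 'branch-not-listed'."""
    major, minor, patch = parse_version(text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The advisory names no fixed release for this branch, so do not guess.
        return "branch-not-listed"
    return "fixed" if patch >= fixed_patch else "needs-update"


def audit(inventory):
    """Map host -> classification for a {host: version_string} inventory."""
    return {host: classify(v) for host, v in inventory.items()}


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "db-a": "PostgreSQL 9.1.4 on x86_64-unknown-linux-gnu, compiled by gcc 4.6.3, 64-bit",
    "db-b": "9.0.9",
    "db-c": "PostgreSQL 8.4.13 on i686-pc-linux-gnu",
    "db-d": "8.2.23",
    "db-e": "8.3.19",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Servers reported as `branch-not-listed` need a manual decision, since the advisory lists fixed releases only for the 9.1, 9.0, 8.4 and 8.3 branches.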

Vulnerability Identifier


Source


Related Link