CVE-2013-1900

Published: Apr 4, 2013Modified: Apr 29, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

Affected (48)

Products: Postgresql: Postgresql · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.2.1
Postgresql Postgresql	Version 9.2.2
Postgresql Postgresql	Version 9.2.3
Postgresql Postgresql	Version 9.2

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.1.1
Postgresql Postgresql	Version 9.1.2
Postgresql Postgresql	Version 9.1.3
Postgresql Postgresql	Version 9.1.4
Postgresql Postgresql	Version 9.1.5
Postgresql Postgresql	Version 9.1.6
Postgresql Postgresql	Version 9.1.7
Postgresql Postgresql	Version 9.1.8
Postgresql Postgresql	Version 9.1

Configuration C

13 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.0.10
Postgresql Postgresql	Version 9.0.11
Postgresql Postgresql	Version 9.0.12
Postgresql Postgresql	Version 9.0.1
Postgresql Postgresql	Version 9.0.2
Postgresql Postgresql	Version 9.0.3
Postgresql Postgresql	Version 9.0.4
Postgresql Postgresql	Version 9.0.5
Postgresql Postgresql	Version 9.0.6
Postgresql Postgresql	Version 9.0.7
Postgresql Postgresql	Version 9.0.8
Postgresql Postgresql	Version 9.0.9
Postgresql Postgresql	Version 9.0

Configuration D

17 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 8.4.10
Postgresql Postgresql	Version 8.4.11
Postgresql Postgresql	Version 8.4.12
Postgresql Postgresql	Version 8.4.13
Postgresql Postgresql	Version 8.4.14
Postgresql Postgresql	Version 8.4.15
Postgresql Postgresql	Version 8.4.16
Postgresql Postgresql	Version 8.4.1
Postgresql Postgresql	Version 8.4.2
Postgresql Postgresql	Version 8.4.3
Postgresql Postgresql	Version 8.4.4
Postgresql Postgresql	Version 8.4.5
Postgresql Postgresql	Version 8.4.6
Postgresql Postgresql	Version 8.4.7
Postgresql Postgresql	Version 8.4.8
Postgresql Postgresql	Version 8.4.9
Postgresql Postgresql	Version 8.4

Configuration E

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 8.04

Related CWEs

References (42)

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1475.html

Source: secalert@redhat.com

http://support.apple.com/kb/HT5880

Source: secalert@redhat.com

http://support.apple.com/kb/HT5892

Source: secalert@redhat.com

http://www.debian.org/security/2013/dsa-2657

Source: secalert@redhat.com

http://www.debian.org/security/2013/dsa-2658

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:142

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.postgresql.org/about/news/1456/

Source: secalert@redhat.com

Vendor Advisory

http://www.postgresql.org/docs/current/static/release-8-4-17.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-9-0-13.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-9-1-9.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/current/static/release-9-2-4.html

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1789-1

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-1475.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5880

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5892

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2013/dsa-2657

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2013/dsa-2658

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:142

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/about/news/1456/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.postgresql.org/docs/current/static/release-8-4-17.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/current/static/release-9-0-13.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/current/static/release-9-1-9.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/current/static/release-9-2-4.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1789-1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.