PostgreSQL PgBouncer Denial Of Service Vulnerability (Win) Network Vulnerability

Summary

This host is installed with PostgreSQL PgBouncer pooler and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause the application to crash by creating a denial of service condition. Impact Level: Application

Solution

Upgrade to PostgreSQL PgBouncer Pooler version 1.5.3 or later, For updates refer to http://wiki.postgresql.org/wiki/PgBouncer

Insight

An error exists within the 'add_database' function in objects.c in the pgbouncer pooler when adding new databases with an an overly large name.

Affected

PostgreSQL PgBouncer Pooler version 1.5.2 and prior on Windows

References

http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commit;h=4b92112b820830b30cd7bc91bef3dd8f35305525
http://openwall.com/lists/oss-security/2012/11/02/8
http://secunia.com/advisories/51128
http://www.osvdb.org/87560
http://xforce.iss.net/xforce/xfdb/79751

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4575
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux
CUPS IPP Packets Processing Denial of Service Vulnerability
Cogent DataHub Integer Overflow Vulnerability
Firefox XUL Parsing Denial of Service Vulnerability (Linux)
Django Forms Library Algorithmic Complexity Vulnerability

PostgreSQL PgBouncer Denial of Service Vulnerability (Win)

Take action and discover your vulnerabilities