HD moore happens to be the creator of metasploit, added a whole new postgresql scanner auxiliary module to firmly framework. some weeks ago, one as to the worst security vulnerabilities to firmly date in postgresql was discovered. this module will establish postgresql 9. zero, 9. 1, and 9. 2 servers which can be found sensitive to command-line flag injection through cve-2013-1899.
this may result in denial of service, privilege escalation, or maybe even arbitrary code execution. any system that allows unrestricted access towards the postgresql network port, an example would be users running postgresql connected to public cloud, is particularly vulnerable.
users whose servers are solely accessible on protected internal networks, or who have effective firewalling or another network access restrictions, are less vulnerable.
0 comments:
Post a Comment