FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-2313

This CVE name corresponds to:

Entered Topic
2006-08-13 postgresql -- encoding based SQL injection

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-2313 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-2313
Phase Assigned(20060511)

Description

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."

References

Source Reference
BUGTRAQ 20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15
BUGTRAQ 20060524 rPSA-2006-0080-1 postgresql postgresql-server
MLIST [pgsql-announce] 20060523 Security Releases for All Active Versions
CONFIRM http://www.postgresql.org/docs/techdocs.50
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
DEBIAN DSA-1087
GENTOO GLSA-200607-04
MANDRIVA MDKSA-2006:098
REDHAT RHSA-2006:0526
SGI 20060602-01-U
SUSE SUSE-SA:2006:030
TRUSTIX 2006-0032
UBUNTU USN-288-1
UBUNTU USN-288-2
BID 18092
OVAL oval:org.mitre.oval:def:10618
VUPEN ADV-2006-1941
SECTRACK 1016142
SECUNIA 20231
SECUNIA 20232
SECUNIA 20314
SECUNIA 20435
SECUNIA 20451
SECUNIA 20503
SECUNIA 20555
SECUNIA 20782
SECUNIA 21001
SECUNIA 20653
XF postgresql-multibyte-sql-injection(26627)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.