On Thu, Apr 4, 2013 at 06:39:22PM +0200, Mads.Tandrup@schneider-electric.com wrote:
> Hi All
>
> I'm trying to understand the implications of the latest security fix to
> postgresql [1].
>
> We have a setup where we in pg_hba.conf have limited the allowed IP addresses of
> the clients. But does anyone know if CVE-2013-1899 allows an arbitrary attacker
> to use the exploits described in [1]?

Yes, if you were running 9.0+. pg_hba.conf does not limit access
sufficiently, though listen_addresses does.

> We are using PostgreSQL 8.4.

8.4 does not contain the bug.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
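
A sketch of the exposure check the reply implies, added here as an example and not part of the original message: it reads listen_addresses from postgresql.conf and deliberately ignores pg_hba.conf. The sample configuration, the version strings and the function names are constructed assumptions; the only version facts used are the thread's "9.0+" and "8.4 does not contain the bug", so fixed minor releases are not distinguished.

```python
import re

# Constructed sample postgresql.conf contents (not taken from the thread).
SAMPLE_CONF = """\
# - Connection Settings -
#listen_addresses = 'localhost'
listen_addresses = '10.0.0.5, localhost'   # constructed value
port = 5432
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def listen_addresses(conf_text):
    """Return the effective listen_addresses entries; the last uncommented setting wins."""
    value = "localhost"  # PostgreSQL's default when the parameter is not set
    pattern = r"\s*listen_addresses\s*=?\s*('(?:[^']|'')*'|[^#\s]+)"
    for line in conf_text.splitlines():
        m = re.match(pattern, line, re.I)  # lines starting with '#' never match
        if m:
            value = m.group(1).strip("'")
    return [a.strip() for a in value.split(",") if a.strip()]

def affected_branch(version):
    """True for 9.0 and later, the range named in the reply (patch level not checked)."""
    return tuple(int(x) for x in version.split(".")[:2]) >= (9, 0)

def assess(version, conf_text):
    """Classify exposure from the version and listen_addresses only.

    pg_hba.conf is not consulted: per the reply it does not limit access
    sufficiently for this bug, while listen_addresses does.
    """
    if not affected_branch(version):
        return "not affected: branch predates 9.0"
    exposed = [a for a in listen_addresses(conf_text) if a not in LOOPBACK]
    if not exposed:
        return "affected branch, no non-loopback listen address"
    return "affected branch reachable on: " + ", ".join(exposed)

if __name__ == "__main__":
    for ver in ("8.4.17", "9.1.8"):  # constructed version strings
        print(ver, "->", assess(ver, SAMPLE_CONF))
```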