On Thu, Apr 4, 2013 at 06:39:22PM +0200, mads.tand...@schneider-electric.com wrote: > Hi All > > I'm trying to understand the implications of the latest security fix to > postgresql [1]. > > We have a setup were we in pg_hba.conf have limited the allowed IP addresses > of > the clients. But does anyone know if CVE-2013-1899 allows an arbitrary > attacker > to use the exploits described in [1]?
Yes, if you were running 9.0+. pg_hba.conf does not limit access sufficiently, though listen_addresses does. > We are using PostgreSQL 8.4. 8.4 does not contain the bug. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
