Unrated severityNVD Advisory· Published Sep 17, 2009· Updated Apr 23, 2026

CVE-2009-3231

Description

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Affected products

PostgreSQL/PostgreSQL
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Range: >=8.2,<8.2.14
Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*
Range: >=10.3,<=11.1
SUSE S.A./Linux Enterprise2 versions
cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise:10.0:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
secunia.com/advisories/36660nvdBroken LinkVendor Advisory
secunia.com/advisories/36727nvdBroken LinkVendor Advisory
www.postgresql.org/support/security.htmlnvdBroken LinkVendor Advisory
www.securityfocus.com/archive/1/509917/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/36314nvdBroken LinkThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/usn-834-1nvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.htmlnvdMailing List
lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.htmlnvdMailing List
marc.infonvdMailing List
secunia.com/advisories/36800nvdBroken Link
secunia.com/advisories/36837nvdBroken Link
wiki.rpath.com/wiki/Advisories:rPSA-2010-0012nvdBroken Link
www.postgresql.org/docs/8.3/static/release-8-3-8.htmlnvdRelease Notes
www.us.debian.org/security/2009/dsa-1900nvdBroken Link
www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.htmlnvdMailing List
www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.htmlnvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000