PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postgresql | Postgresql | 9.2 (including) | 9.2 (including) |
Postgresql | Postgresql | 9.2.1 (including) | 9.2.1 (including) |
Postgresql | Postgresql | 9.2.2 (including) | 9.2.2 (including) |
Postgresql | Postgresql | 9.2.3 (including) | 9.2.3 (including) |