Quick Links

postgresql command line exploit found in the wild

From:	Merlin Moncure <mmoncure(at)gmail(dot)com>
To:	PostgreSQL General <pgsql-general(at)postgresql(dot)org>
Subject:	postgresql command line exploit found in the wild
Date:	2013-04-08 15:07:17
Message-ID:	CAHyXU0xJMZHd62ozJkUjzduKY4u0SWgv16bda2cLOZ3J_tyZuQ@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

see: http://schemaverse.tumblr.com/post/47312545952/the-schemaverse-was-hacked

if you have an internet facing database, patch it immediately!
(personally, I would only do this through a service such as pgbouncer
runnning under extremely limited account). do not delay!

merlin

Responses

Re: postgresql command line exploit found in the wild at 2013-04-08 15:48:08 from Daniel Verite

Browse pgsql-general by date

	From	Date	Subject
Next Message	Jared Beck	2013-04-08 15:24:42	Re: [Maintainers] REL/Centos4 release of 8.4.17?
Previous Message	Richard Harley	2013-04-08 14:15:24	Re: Selecting timestamp from Database