Document Title:
====================
Critical PostgreSQL issue in Chinese Academy of Governance NSA

Release Date:
=============
2011-12-06

Laboratory Article:
===================
A Tunisian researcher at Vulnerability-Lab discovered a critical PostgreSQL issue on the Chinese Academy of Governance NSA. This week Chokri B.A., alias "Me!ster", brought a notable issue to the China National Vulnerability Database of Information Security (CNNVD). The vulnerability was fixed within 7 days after our security report arrived in the Chinese mailbox, and the coordination process via CNNVD went perfectly.

The bug was located in an improperly validated server request on the main website. The vulnerability allows a remote attacker to infiltrate the database management system of the affected website (web server). Remote attackers and privileged user accounts can inject and execute their own SQL statements (pre-auth) to compromise the important and stable government web server system. Successful exploitation results in DBMS and server system compromise, account theft, server takeover and manipulation of web content.

CNNVD ID: 201111-474
VL ID: 2011-311

Advisory: http://www.vulnerability-lab.com/get_content.php?id=311
Article: http://news.hitb.org/content/critical-postgre-sql-issue-chinese-academy-governance-nsa