CVE-2007-0555 - PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before

CVE-2007-0555

Summary

PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.

References

Vulnerable Configurations

cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*

CVSS

Base:	8.5 (as of 16-10-2018 - 16:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:N/A:C

oval via4

accepted

2013-04-29T04:21:45.588-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9739

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

bugzilla

id	1618367
title	CVE-2007-0555 security flaw

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment postgresql is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064001
comment postgresql is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526002

AND

comment postgresql-contrib is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064003
comment postgresql-contrib is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526004

AND

comment postgresql-devel is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064005
comment postgresql-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526006

AND
comment postgresql-docs is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064007
comment postgresql-docs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526008
AND
comment postgresql-jdbc is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064009
comment postgresql-jdbc is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526010
AND
comment postgresql-libs is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064011
comment postgresql-libs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526012
AND
comment postgresql-pl is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064013
comment postgresql-pl is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526014

AND

comment postgresql-python is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064015
comment postgresql-python is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526016

AND

comment postgresql-server is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064017
comment postgresql-server is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526018

AND
comment postgresql-tcl is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064019
comment postgresql-tcl is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526020
AND
comment postgresql-test is earlier than 0:7.4.16-1.RHEL4.1
oval oval:com.redhat.rhsa:tst:20070064021
comment postgresql-test is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060526022

rhsa

id	RHSA-2007:0064
released	2007-02-07
severity	Moderate
title	RHSA-2007:0064: postgresql security update (Moderate)

rhsa
id RHSA-2007:0067
rhsa
id RHSA-2007:0068

rpms

postgresql-0:7.4.16-1.RHEL4.1
postgresql-contrib-0:7.4.16-1.RHEL4.1
postgresql-debuginfo-0:7.4.16-1.RHEL4.1
postgresql-devel-0:7.4.16-1.RHEL4.1
postgresql-docs-0:7.4.16-1.RHEL4.1
postgresql-jdbc-0:7.4.16-1.RHEL4.1
postgresql-libs-0:7.4.16-1.RHEL4.1
postgresql-pl-0:7.4.16-1.RHEL4.1
postgresql-python-0:7.4.16-1.RHEL4.1
postgresql-server-0:7.4.16-1.RHEL4.1
postgresql-tcl-0:7.4.16-1.RHEL4.1
postgresql-test-0:7.4.16-1.RHEL4.1
rh-postgresql-0:7.3.18-1
rh-postgresql-contrib-0:7.3.18-1
rh-postgresql-debuginfo-0:7.3.18-1
rh-postgresql-devel-0:7.3.18-1
rh-postgresql-docs-0:7.3.18-1
rh-postgresql-jdbc-0:7.3.18-1
rh-postgresql-libs-0:7.3.18-1
rh-postgresql-pl-0:7.3.18-1
rh-postgresql-python-0:7.3.18-1
rh-postgresql-server-0:7.3.18-1
rh-postgresql-tcl-0:7.3.18-1
rh-postgresql-test-0:7.3.18-1
postgresql-0:8.1.7-3.el4s1.1
postgresql-contrib-0:8.1.7-3.el4s1.1
postgresql-debuginfo-0:8.1.7-3.el4s1.1
postgresql-devel-0:8.1.7-3.el4s1.1
postgresql-docs-0:8.1.7-3.el4s1.1
postgresql-libs-0:8.1.7-3.el4s1.1
postgresql-pl-0:8.1.7-3.el4s1.1
postgresql-python-0:8.1.7-3.el4s1.1
postgresql-server-0:8.1.7-3.el4s1.1
postgresql-tcl-0:8.1.7-3.el4s1.1
postgresql-test-0:8.1.7-3.el4s1.1
postgresql-0:8.1.8-1.el5
postgresql-contrib-0:8.1.8-1.el5
postgresql-debuginfo-0:8.1.8-1.el5
postgresql-devel-0:8.1.8-1.el5
postgresql-docs-0:8.1.8-1.el5
postgresql-libs-0:8.1.8-1.el5
postgresql-pl-0:8.1.8-1.el5
postgresql-python-0:8.1.8-1.el5
postgresql-server-0:8.1.8-1.el5
postgresql-tcl-0:8.1.8-1.el5
postgresql-test-0:8.1.8-1.el5

refmap via4

bid	22387
bugtraq	20070206 rPSA-2007-0025-1 postgresql postgresql-server 20070208 rPSA-2007-0025-2 postgresql postgresql-server
confirm	http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm http://www.postgresql.org/support/security https://issues.rpath.com/browse/RPL-1025 https://issues.rpath.com/browse/RPL-830
debian	DSA-1261
fedora	FEDORA-2007-198
gentoo	GLSA-200703-15
mandriva	MDKSA-2007:037
mlist	[security-announce] 20070206 rPSA-2007-0025-1 postgresql postgresql-server
osvdb	33087
sectrack	1017597
secunia	24028 24033 24042 24050 24057 24094 24151 24158 24284 24315 24513 24577 25220
sgi	20070201-01-P
sunalert	102825
suse	SUSE-SR:2007:010
trustix	2007-0007
ubuntu	USN-417-1 USN-417-2
vupen	ADV-2007-0478 ADV-2007-0774
xf	postgresql-sqlfunctions-info-disclosure(32195)

Last major update

16-10-2018 - 16:33

Published

06-02-2007 - 01:28

Last modified

16-10-2018 - 16:33