ID |
CVE-2007-0555
|
Summary |
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
-
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
-
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
-
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
-
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
|
CVSS |
Base: | 8.5 (as of 16-10-2018 - 16:33) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | SINGLE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE | NONE | COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:S/C:C/I:N/A:C
|
oval
via4
|
accepted | 2013-04-29T04:21:45.588-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. | family | unix | id | oval:org.mitre.oval:def:9739 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. | version | 30 |
|
redhat
via4
|
advisories | bugzilla | id | 1618367 | title | CVE-2007-0555 security flaw |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | postgresql is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064001 |
comment | postgresql is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526002 |
|
AND | comment | postgresql-contrib is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064003 |
comment | postgresql-contrib is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526004 |
|
AND | comment | postgresql-devel is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064005 |
comment | postgresql-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526006 |
|
AND | comment | postgresql-docs is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064007 |
comment | postgresql-docs is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526008 |
|
AND | comment | postgresql-jdbc is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064009 |
comment | postgresql-jdbc is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526010 |
|
AND | comment | postgresql-libs is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064011 |
comment | postgresql-libs is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526012 |
|
AND | comment | postgresql-pl is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064013 |
comment | postgresql-pl is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526014 |
|
AND | comment | postgresql-python is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064015 |
comment | postgresql-python is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526016 |
|
AND | comment | postgresql-server is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064017 |
comment | postgresql-server is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526018 |
|
AND | comment | postgresql-tcl is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064019 |
comment | postgresql-tcl is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526020 |
|
AND | comment | postgresql-test is earlier than 0:7.4.16-1.RHEL4.1 | oval | oval:com.redhat.rhsa:tst:20070064021 |
comment | postgresql-test is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060526022 |
|
|
|
|
| rhsa | id | RHSA-2007:0064 | released | 2007-02-07 | severity | Moderate | title | RHSA-2007:0064: postgresql security update (Moderate) |
|
| rpms | - postgresql-0:7.4.16-1.RHEL4.1
- postgresql-contrib-0:7.4.16-1.RHEL4.1
- postgresql-debuginfo-0:7.4.16-1.RHEL4.1
- postgresql-devel-0:7.4.16-1.RHEL4.1
- postgresql-docs-0:7.4.16-1.RHEL4.1
- postgresql-jdbc-0:7.4.16-1.RHEL4.1
- postgresql-libs-0:7.4.16-1.RHEL4.1
- postgresql-pl-0:7.4.16-1.RHEL4.1
- postgresql-python-0:7.4.16-1.RHEL4.1
- postgresql-server-0:7.4.16-1.RHEL4.1
- postgresql-tcl-0:7.4.16-1.RHEL4.1
- postgresql-test-0:7.4.16-1.RHEL4.1
- rh-postgresql-0:7.3.18-1
- rh-postgresql-contrib-0:7.3.18-1
- rh-postgresql-debuginfo-0:7.3.18-1
- rh-postgresql-devel-0:7.3.18-1
- rh-postgresql-docs-0:7.3.18-1
- rh-postgresql-jdbc-0:7.3.18-1
- rh-postgresql-libs-0:7.3.18-1
- rh-postgresql-pl-0:7.3.18-1
- rh-postgresql-python-0:7.3.18-1
- rh-postgresql-server-0:7.3.18-1
- rh-postgresql-tcl-0:7.3.18-1
- rh-postgresql-test-0:7.3.18-1
- postgresql-0:8.1.7-3.el4s1.1
- postgresql-contrib-0:8.1.7-3.el4s1.1
- postgresql-debuginfo-0:8.1.7-3.el4s1.1
- postgresql-devel-0:8.1.7-3.el4s1.1
- postgresql-docs-0:8.1.7-3.el4s1.1
- postgresql-libs-0:8.1.7-3.el4s1.1
- postgresql-pl-0:8.1.7-3.el4s1.1
- postgresql-python-0:8.1.7-3.el4s1.1
- postgresql-server-0:8.1.7-3.el4s1.1
- postgresql-tcl-0:8.1.7-3.el4s1.1
- postgresql-test-0:8.1.7-3.el4s1.1
- postgresql-0:8.1.8-1.el5
- postgresql-contrib-0:8.1.8-1.el5
- postgresql-debuginfo-0:8.1.8-1.el5
- postgresql-devel-0:8.1.8-1.el5
- postgresql-docs-0:8.1.8-1.el5
- postgresql-libs-0:8.1.8-1.el5
- postgresql-pl-0:8.1.8-1.el5
- postgresql-python-0:8.1.8-1.el5
- postgresql-server-0:8.1.8-1.el5
- postgresql-tcl-0:8.1.8-1.el5
- postgresql-test-0:8.1.8-1.el5
|
|
refmap
via4
|
bid | 22387 | bugtraq | - 20070206 rPSA-2007-0025-1 postgresql postgresql-server
- 20070208 rPSA-2007-0025-2 postgresql postgresql-server
| confirm | | debian | DSA-1261 | fedora | FEDORA-2007-198 | gentoo | GLSA-200703-15 | mandriva | MDKSA-2007:037 | mlist | [security-announce] 20070206 rPSA-2007-0025-1 postgresql postgresql-server | osvdb | 33087 | sectrack | 1017597 | secunia | - 24028
- 24033
- 24042
- 24050
- 24057
- 24094
- 24151
- 24158
- 24284
- 24315
- 24513
- 24577
- 25220
| sgi | 20070201-01-P | sunalert | 102825 | suse | SUSE-SR:2007:010 | trustix | 2007-0007 | ubuntu | | vupen | - ADV-2007-0478
- ADV-2007-0774
| xf | postgresql-sqlfunctions-info-disclosure(32195) |
|
Last major update |
16-10-2018 - 16:33 |
Published |
06-02-2007 - 01:28 |
Last modified |
16-10-2018 - 16:33 |