ID DSA-1463 Type debian Reporter Debian Modified 2008-01-14T00:00:00
Description
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-3278: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete.
CVE-2007-4769: Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expression engine could lead to an out-of-bounds read, resulting in a crash. This constitutes a security problem only if an application using PostgreSQL processes regular expressions from untrusted sources.
CVE-2007-4772: Tavis Ormandy and Will Drewry discovered that the optimizer for regular expressions could be tricked into an infinite loop, resulting in denial of service. This constitutes a security problem only if an application using PostgreSQL processes regular expressions from untrusted sources.
CVE-2007-6067: Tavis Ormandy and Will Drewry discovered that the optimizer for regular expressions could be tricked into massive resource consumption. This constitutes a security problem only if an application using PostgreSQL processes regular expressions from untrusted sources.
CVE-2007-6600: Functions in index expressions could lead to privilege escalation. For a more in-depth explanation, please see the upstream announcement available at <http://www.postgresql.org/about/news.905>.
For the old stable distribution (sarge), some of these problems have been fixed in version 7.4.7-6sarge6 of the postgresql package. Please note that the fixes for CVE-2007-6600 and for the handling of regular expressions haven't been backported due to their intrusiveness. We recommend upgrading to the stable distribution if these vulnerabilities affect your setup.
For the stable distribution (etch), these problems have been fixed in version 7.4.19-0etch1.
The unstable distribution (sid) no longer contains postgres-7.4.
We recommend that you upgrade your postgresql-7.4 packages.
{"result": {"cve": [{"id": "CVE-2007-4769", "type": "cve", "title": "CVE-2007-4769", "description": "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.", "published": "2008-01-09T16:46:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4769", "cvelist": ["CVE-2007-4769"], "lastseen": "2017-09-29T14:25:30"}, {"id": "CVE-2007-6600", "type": "cve", "title": "CVE-2007-6600", "description": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.", "published": "2008-01-09T16:46:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6600", "cvelist": ["CVE-2007-6600"], "lastseen": "2017-09-29T14:25:39"}, {"id": "CVE-2007-3278", "type": "cve", "title": "CVE-2007-3278", "description": "PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.", "published": "2007-06-19T17:30:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3278", "cvelist": 
["CVE-2007-3278"], "lastseen": "2017-10-11T11:07:12"}, {"id": "CVE-2007-4772", "type": "cve", "title": "CVE-2007-4772", "description": "The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.", "published": "2008-01-09T16:46:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4772", "cvelist": ["CVE-2007-4772"], "lastseen": "2017-09-29T14:25:30"}, {"id": "CVE-2007-6601", "type": "cve", "title": "CVE-2007-6601", "description": "The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. 
NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.", "published": "2008-01-09T16:46:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6601", "cvelist": ["CVE-2007-6601"], "lastseen": "2017-09-29T14:25:39"}, {"id": "CVE-2007-6067", "type": "cve", "title": "CVE-2007-6067", "description": "Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted \"complex\" regular expression with doubly-nested states.", "published": "2008-01-09T16:46:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6067", "cvelist": ["CVE-2007-6067"], "lastseen": "2017-09-29T14:25:36"}], "postgresql": [{"id": "POSTGRESQL:CVE-2007-4769", "type": "postgresql", "title": "Vulnerability in core server (CVE-2007-4769)", "description": "Three vulnearbilities in the regular expression handling libraries can be exploited to cause a backend crash, infinite loops or memory exhaustion. 
This vulnearbility can be exploited through frontend applications that allow unfiltered regular expressions to be passed in queries.", "published": "2008-01-09T16:46:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.postgresql.org/support/security/8.2/", "cvelist": ["CVE-2007-4769"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2007-6600", "type": "postgresql", "title": "Vulnerability in core server (CVE-2007-6600)", "description": "Two vulnerabilities in how ANALYZE executes user defined functions that are part of expression indexes allows users to gain superuser privileges. A valid login that has permissions to create functions and tables is required to exploit this vulnearbility.", "published": "2008-01-09T16:46:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.postgresql.org/support/security/8.2/", "cvelist": ["CVE-2007-6600"], "lastseen": "2018-02-15T15:10:41"}, {"id": "POSTGRESQL:CVE-2007-6601", "type": "postgresql", "title": "Vulnerability in contrib module (CVE-2007-6601)", "description": "DBLink functions combined with local trust or ident access control could be used by a malicious user togain superuser privileges. A valid login is required to exploit this vulnerability.", "published": "2008-01-09T16:46:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.postgresql.org/support/security/8.2/", "cvelist": ["CVE-2007-6601"], "lastseen": "2018-02-15T15:10:41"}], "nessus": [{"id": "MANDRIVA_MDVSA-2008-004.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : postgresql (MDVSA-2008:004)", "description": "Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. 
This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions.\n\nRegular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend.\n\nDBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. 
This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole.\n\nUpdated packages fix these issues by upgrading to the latest maintenance versions of PostgreSQL.", "published": "2009-04-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38083", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-29T13:37:47"}, {"id": "SUSE_POSTGRESQL-4955.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : postgresql (postgresql-4955)", "description": "This version update to 8.2.6 fixes among other things several security issues :\n\n - Index Functions Privilege Escalation: CVE-2007-6600\n\n - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769\n\n - DBLink Privilege Escalation: CVE-2007-6601", "published": "2008-02-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=30251", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6067"], "lastseen": "2017-10-29T13:32:51"}, {"id": "FEDORA_2008-0552.NASL", "type": "nessus", "title": "Fedora 7 : postgresql-8.2.6-1.fc7 (2008-0552)", "description": "- Mon Jan 7 2008 Tom Lane <tgl at redhat.com> 8.2.6-1\n\n - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601\n\n - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place\n\n - Thu Sep 20 2007 Tom Lane <tgl at redhat.com> 8.2.5-1\n\n - Update to PostgreSQL 8.2.5 and pgtcl 1.6.0\n\n - Fix multilib problem for /usr/include/ecpg_config.h (which is new in 8.2.x)\n\n - Use tzdata package's data files instead 
of private copy, so that postgresql-server need not be turned for routine timezone updates\n\n - Don't remove postgres user/group during RPM uninstall, per Fedora packaging guidelines\n\n - Recent perl changes in rawhide mean we need a more specific BuildRequires\n\n - Wed Jun 20 2007 Tom Lane <tgl at redhat.com> 8.2.4-2\n\n - Fix oversight in postgresql-test makefile: pg_regress isn't a shell script anymore. Per upstream bug 3398.\n\n - Tue Apr 24 2007 Tom Lane <tgl at redhat.com> 8.2.4-1\n\n - Update to PostgreSQL 8.2.4 for CVE-2007-2138, data loss bugs Resolves: #237682\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-01-14T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29948", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-29T13:36:34"}, {"id": "FREEBSD_PKG_51436B4C125011DDBAB70016179B2DD5.NASL", "type": "nessus", "title": "FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)", "description": "The PostgreSQL developers report :\n\nPostgreSQL allows users to create indexes on the results of user-defined functions, known as 'expression indexes'. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed.\n\nPostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. 
First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend.\n\nDBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.", "published": "2008-04-28T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32063", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-29T13:34:46"}, {"id": "SUSE9_12065.NASL", "type": "nessus", "title": "SuSE9 Security Update : postgresql (YOU Patch Number 12065)", "description": "This version update to 8.1.11 fixes among other things, several security issues :\n\n - Index Functions Privilege Escalation: CVE-2007-6600\n\n - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769\n\n - DBLink Privilege Escalation: CVE-2007-6601", "published": "2009-09-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41193", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-29T13:40:47"}, {"id": "SUSE_POSTGRESQL-4962.NASL", "type": "nessus", "title": "SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 4962)", "description": "This version update to 7.4.19 fixes among other things several security issues :\n\n - Index Functions 
Privilege Escalation: CVE-2007-6600\n\n - Regular Expression Denial-of-Service: CVE-2007-4772 / CVE-2007-6067 / CVE-2007-4769\n\n - DBLink Privilege Escalation: CVE-2007-6601", "published": "2008-02-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=30199", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-29T13:44:59"}, {"id": "FEDORA_2008-0478.NASL", "type": "nessus", "title": "Fedora 8 : postgresql-8.2.6-1.fc8 (2008-0478)", "description": "- Mon Jan 7 2008 Tom Lane <tgl at redhat.com> 8.2.6-1\n\n - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601\n\n - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-01-14T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29944", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-29T13:37:54"}, {"id": "SUSE_POSTGRESQL-4958.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : postgresql (postgresql-4958)", "description": "This version update to 8.1.11 fixes among other things several security issues :\n\n - Index Functions Privilege Escalation: CVE-2007-6600\n\n - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769\n\n - DBLink Privilege Escalation: CVE-2007-6601", "published": "2008-02-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=30198", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6067"], "lastseen": "2017-10-29T13:34:58"}, {"id": "SL_20080111_POSTGRESQL_ON_SL3_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64", "description": "Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers.\n(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nA privilege escalation flaw was discovered in PostgreSQL. 
An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600)\n\nA privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)", "published": "2012-08-01T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60343", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-29T13:34:35"}, {"id": "DEBIAN_DSA-1463.NASL", "type": "nessus", "title": "Debian DSA-1463-1 : postgresql-7.4 - several vulnerabilities", "description": "Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete.\n\n - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. 
This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.", "published": "2008-01-15T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29968", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-29T13:33:00"}], "openvas": [{"id": "OPENVAS:136141256231065378", "type": "openvas", "title": "SLES9: Security update for postgresql", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n postgresql-pl\n postgresql\n postgresql-server\n postgresql-libs\n postgresql-devel\n postgresql-contrib\n postgresql-docs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021809 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065378", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2018-04-06T11:40:06"}, {"id": "OPENVAS:60891", "type": "openvas", "title": "FreeBSD Ports: postgresql, postgresql-server", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60891", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-07-02T21:10:15"}, {"id": "OPENVAS:65971", "type": "openvas", "title": "SLES10: Security update for PostgreSQL", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n postgresql\n postgresql-contrib\n postgresql-devel\n postgresql-docs\n postgresql-libs\n postgresql-pl\n postgresql-server\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65971", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-07-26T08:56:00"}, {"id": "OPENVAS:860326", "type": "openvas", "title": "Fedora Update for postgresql FEDORA-2008-0478", "description": "Check for the Version of postgresql", "published": "2009-02-17T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860326", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-07-25T10:57:01"}, {"id": "OPENVAS:136141256231065971", "type": "openvas", "title": "SLES10: Security update for PostgreSQL", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n postgresql\n postgresql-contrib\n postgresql-devel\n postgresql-docs\n postgresql-libs\n postgresql-pl\n postgresql-server\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065971", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2018-04-06T11:39:39"}, {"id": "OPENVAS:850040", "type": "openvas", "title": "SuSE Update for postgresql SUSE-SA:2008:005", "description": "Check for the Version of postgresql", "published": "2009-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850040", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-12-12T11:20:10"}, {"id": "OPENVAS:65378", "type": "openvas", "title": "SLES9: Security update for postgresql", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n postgresql-pl\n postgresql\n postgresql-server\n postgresql-libs\n postgresql-devel\n postgresql-contrib\n postgresql-docs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021809 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65378", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-07-26T08:56:10"}, {"id": "OPENVAS:870092", "type": "openvas", "title": "RedHat Update for postgresql RHSA-2008:0038-01", "description": "Check for the Version of postgresql", "published": "2009-03-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870092", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-07-27T10:56:16"}, {"id": "OPENVAS:1361412562310880285", "type": "openvas", "title": "CentOS Update for postgresql CESA-2008:0038 centos4 i386", "description": "Check for the Version of postgresql", "published": "2009-02-27T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880285", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2018-04-09T11:38:56"}, {"id": "OPENVAS:60278", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200801-15 (postgresql)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200801-15.", "published": 
"2008-09-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60278", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-07-24T12:50:01"}], "suse": [{"id": "SUSE-SA:2008:005", "type": "suse", "title": "remote code execution in postgresql", "description": "The database server PostgreSQL had various security problems which have been fixed by upgrading to the respective minor versions fixing those problems.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-02-06T10:24:49", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2016-09-04T11:37:19"}, {"id": "OPENSUSE-SU-2016:0578-1", "type": "suse", "title": "Security update for postgresql94 (important)", "description": "This update for postgresql94 fixes the following issues:\n\n - Security and bugfix release 9.4.6:\n * *** IMPORTANT *** Users of version 9.4 will need to reindex any\n jsonb_path_ops indexes they have created, in order to fix a persistent\n issue with missing index entries.\n * Fix infinite loops and buffer-overrun problems in regular expressions\n (CVE-2016-0773, bsc#966436).\n * Fix regular-expression compiler to handle loops of constraint arcs\n (CVE-2007-4772).\n * Prevent certain PL/Java parameters from being set by non-superusers\n (CVE-2016-0766, bsc#966435).\n * Fix many issues in pg_dump with specific object types\n * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS\n * Fix deparsing error with ON CONFLICT ... 
WHERE clauses\n * Fix tableoid errors for postgres_fdw\n * Prevent floating-point exceptions in pgbench\n * Make \\det search Foreign Table names consistently\n * Fix quoting of domain constraint names in pg_dump\n * Prevent putting expanded objects into Const nodes\n * Allow compile of PL/Java on Windows\n * Fix "unresolved symbol" errors in PL/Python execution\n * Allow Python2 and Python3 to be used in the same database\n * Add support for Python 3.5 in PL/Python\n * Fix issue with subdirectory creation during initdb\n * Make pg_ctl report status correctly on Windows\n * Suppress confusing error when using pg_receivexlog with older servers\n * Multiple documentation corrections and additions\n * Fix erroneous hash calculations in gin_extract_jsonb_path()\n - For the full release notse, see:\n <a rel=\"nofollow\" href=\"http://www.postgresql.org/docs/9.4/static/release-9-4-6.html\">http://www.postgresql.org/docs/9.4/static/release-9-4-6.html</a>\n\n - PL/Perl still needs to be linked with rpath, so that it can find\n libperl.so at runtime. 
bsc#578053, postgresql-plperl-keep-rpath.patch\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "published": "2016-02-25T14:11:50", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html", "cvelist": ["CVE-2016-0773", "CVE-2007-4772", "CVE-2016-0766"], "lastseen": "2016-09-04T11:50:34"}, {"id": "SUSE-SU-2016:0539-1", "type": "suse", "title": "Security update for postgresql93 (important)", "description": "This update for postgresql93 fixes the following issues:\n\n - Security and bugfix release 9.3.11:\n * Fix infinite loops and buffer-overrun problems in regular expressions\n (CVE-2016-0773, bsc#966436).\n * Fix regular-expression compiler to handle loops of constraint arcs\n (CVE-2007-4772).\n * Prevent certain PL/Java parameters from being set by non-superusers\n (CVE-2016-0766, bsc#966435).\n * Fix many issues in pg_dump with specific object types\n * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS\n * Fix deparsing error with ON CONFLICT ... 
WHERE clauses\n * Fix tableoid errors for postgres_fdw\n * Prevent floating-point exceptions in pgbench\n * Make \\det search Foreign Table names consistently\n * Fix quoting of domain constraint names in pg_dump\n * Prevent putting expanded objects into Const nodes\n * Allow compile of PL/Java on Windows\n * Fix "unresolved symbol" errors in PL/Python execution\n * Allow Python2 and Python3 to be used in the same database\n * Add support for Python 3.5 in PL/Python\n * Fix issue with subdirectory creation during initdb\n * Make pg_ctl report status correctly on Windows\n * Suppress confusing error when using pg_receivexlog with older servers\n * Multiple documentation corrections and additions\n * Fix erroneous hash calculations in gin_extract_jsonb_path()\n - For the full release notse, see:\n <a rel=\"nofollow\" href=\"http://www.postgresql.org/docs/9.3/static/release-9-3-11.html\">http://www.postgresql.org/docs/9.3/static/release-9-3-11.html</a>\n\n", "published": "2016-02-22T14:11:16", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html", "cvelist": ["CVE-2016-0773", "CVE-2007-4772", "CVE-2016-0766"], "lastseen": "2016-09-04T12:21:59"}, {"id": "SUSE-SU-2016:0555-1", "type": "suse", "title": "Security update for postgresql94 (important)", "description": "This update for postgresql94 fixes the following issues:\n\n - Security and bugfix release 9.4.6:\n * *** IMPORTANT *** Users of version 9.4 will need to reindex any\n jsonb_path_ops indexes they have created, in order to fix a persistent\n issue with missing index entries.\n * Fix infinite loops and buffer-overrun problems in regular expressions\n (CVE-2016-0773, bsc#966436).\n * Fix regular-expression compiler to handle loops of constraint arcs\n (CVE-2007-4772).\n * Prevent certain PL/Java parameters from being set by non-superusers\n (CVE-2016-0766, bsc#966435).\n * Fix 
many issues in pg_dump with specific object types\n * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS\n * Fix deparsing error with ON CONFLICT ... WHERE clauses\n * Fix tableoid errors for postgres_fdw\n * Prevent floating-point exceptions in pgbench\n * Make \\det search Foreign Table names consistently\n * Fix quoting of domain constraint names in pg_dump\n * Prevent putting expanded objects into Const nodes\n * Allow compile of PL/Java on Windows\n * Fix \"unresolved symbol\" errors in PL/Python execution\n * Allow Python2 and Python3 to be used in the same database\n * Add support for Python 3.5 in PL/Python\n * Fix issue with subdirectory creation during initdb\n * Make pg_ctl report status correctly on Windows\n * Suppress confusing error when using pg_receivexlog with older servers\n * Multiple documentation corrections and additions\n * Fix erroneous hash calculations in gin_extract_jsonb_path()\n - For the full release notes, see:\n http://www.postgresql.org/docs/9.4/static/release-9-4-6.html\n\n - PL/Perl still needs to be linked with rpath, so that it can find\n libperl.so at runtime. 
bsc#578053, postgresql-plperl-keep-rpath.patch\n\n", "published": "2016-02-24T13:12:33", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html", "cvelist": ["CVE-2016-0773", "CVE-2007-4772", "CVE-2016-0766"], "lastseen": "2016-09-04T12:47:17"}, {"id": "OPENSUSE-SU-2016:0531-1", "type": "suse", "title": "Security update for postgresql93 (important)", "description": "This update for postgresql93 fixes the following issues:\n\n - Security and bugfix release 9.3.11:\n * Fix infinite loops and buffer-overrun problems in regular expressions\n (CVE-2016-0773, boo#966436).\n * Fix regular-expression compiler to handle loops of constraint arcs\n (CVE-2007-4772).\n * Prevent certain PL/Java parameters from being set by non-superusers\n (CVE-2016-0766, boo#966435).\n * Fix many issues in pg_dump with specific object types\n * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS\n * Fix deparsing error with ON CONFLICT ... 
WHERE clauses\n * Fix tableoid errors for postgres_fdw\n * Prevent floating-point exceptions in pgbench\n * Make \\det search Foreign Table names consistently\n * Fix quoting of domain constraint names in pg_dump\n * Prevent putting expanded objects into Const nodes\n * Allow compile of PL/Java on Windows\n * Fix \"unresolved symbol\" errors in PL/Python execution\n * Allow Python2 and Python3 to be used in the same database\n * Add support for Python 3.5 in PL/Python\n * Fix issue with subdirectory creation during initdb\n * Make pg_ctl report status correctly on Windows\n * Suppress confusing error when using pg_receivexlog with older servers\n * Multiple documentation corrections and additions\n * Fix erroneous hash calculations in gin_extract_jsonb_path()\n - For the full release notes, see:\n http://www.postgresql.org/docs/9.3/static/release-9-3-11.html\n\n", "published": "2016-02-21T11:11:04", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html", "cvelist": ["CVE-2016-0773", "CVE-2007-4772", "CVE-2016-0766"], "lastseen": "2016-09-04T11:51:41"}, {"id": "SUSE-SU-2016:0677-1", "type": "suse", "title": "Security update for postgresql94 (important)", "description": "This update for postgresql94 fixes the following issues:\n\n - Security and bugfix release 9.4.6:\n * *** IMPORTANT *** Users of version 9.4 will need to reindex any\n jsonb_path_ops indexes they have created, in order to fix a persistent\n issue with missing index entries.\n * Fix infinite loops and buffer-overrun problems in regular expressions\n (CVE-2016-0773, bsc#966436).\n * Fix regular-expression compiler to handle loops of constraint arcs\n (CVE-2007-4772).\n * Prevent certain PL/Java parameters from being set by non-superusers\n (CVE-2016-0766, bsc#966435).\n * Fix 
many issues in pg_dump with specific object types\n * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS\n * Fix deparsing error with ON CONFLICT ... WHERE clauses\n * Fix tableoid errors for postgres_fdw\n * Prevent floating-point exceptions in pgbench\n * Make \\det search Foreign Table names consistently\n * Fix quoting of domain constraint names in pg_dump\n * Prevent putting expanded objects into Const nodes\n * Allow compile of PL/Java on Windows\n * Fix \"unresolved symbol\" errors in PL/Python execution\n * Allow Python2 and Python3 to be used in the same database\n * Add support for Python 3.5 in PL/Python\n * Fix issue with subdirectory creation during initdb\n * Make pg_ctl report status correctly on Windows\n * Suppress confusing error when using pg_receivexlog with older servers\n * Multiple documentation corrections and additions\n * Fix erroneous hash calculations in gin_extract_jsonb_path()\n - For the full release notes, see:\n http://www.postgresql.org/docs/9.4/static/release-9-4-6.html\n\n - Security and bugfix release 9.4.5:\n * CVE-2015-5289, bsc#949670: json or jsonb input values constructed from\n arbitrary user input can crash the PostgreSQL server and cause a\n denial of service.\n * CVE-2015-5288, bsc#949669: The crypt() function included with the\n optional pgCrypto extension could be exploited to read a few\n additional bytes of memory. 
No working exploit for this issue has been\n developed.\n - For the full release notes, see:\n http://www.postgresql.org/docs/current/static/release-9-4-5.html\n - Relax dependency on libpq to major version.\n\n", "published": "2016-03-07T18:12:35", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00016.html", "cvelist": ["CVE-2015-5289", "CVE-2016-0773", "CVE-2007-4772", "CVE-2016-0766", "CVE-2015-5288"], "lastseen": "2016-09-04T11:46:39"}], "freebsd": [{"id": "51436B4C-1250-11DD-BAB7-0016179B2DD5", "type": "freebsd", "title": "postgresql -- multiple vulnerabilities", "description": "\nThe PostgreSQL developers report:\n\nPostgreSQL allows users to create indexes on the results of\n\t user-defined functions, known as \"expression indexes\". This provided\n\t two vulnerabilities to privilege escalation: (1) index functions\n\t were executed as the superuser and not the table owner during VACUUM\n\t and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION\n\t were permitted within index functions. Both of these holes have now\n\t been closed.\n\n\nPostgreSQL allowed malicious users to initiate a denial-of-service\n\t by passing certain regular expressions in SQL queries. First, users\n\t could create infinite loops using some specific regular expressions.\n\t Second, certain complex regular expressions could consume excessive\n\t amounts of memory. Third, out-of-range backref numbers could be used\n\t to crash the backend.\n\n\nDBLink functions combined with local trust or ident authentication\n\t could be used by a malicious user to gain superuser privileges. This\n\t issue has been fixed, and does not affect users who have not\n\t installed DBLink (an optional module), or who are using password\n\t authentication for local access. 
This same problem was addressed in\n\t the previous release cycle, but that patch failed to close all forms\n\t of the loophole.\n\n", "published": "2008-01-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/51436b4c-1250-11dd-bab7-0016179b2dd5.html", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2016-09-26T17:24:58"}], "oraclelinux": [{"id": "ELSA-2008-0038", "type": "oraclelinux", "title": "Moderate: postgresql security update ", "description": " [7.4.19-1.el4_6.1]\n - Update to PostgreSQL 7.4.19 to fix CVE-2007-4769, CVE-2007-4772,\n CVE-2007-6067, CVE-2007-6600, CVE-2007-6601\n Resolves: #427135 ", "published": "2008-01-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0038.html", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2016-09-04T11:16:19"}, {"id": "ELSA-2008-0039", "type": "oraclelinux", "title": "Moderate: postgresql security update ", "description": " [7.3.21-1]\n - Update to PostgreSQL 7.3.21 to fix CVE-2007-6600, CVE-2007-6601\n Resolves: #427134 ", "published": "2008-01-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0039.html", "cvelist": ["CVE-2007-6600", "CVE-2007-6601"], "lastseen": "2016-09-04T11:16:22"}, {"id": "ELSA-2013-0122", "type": "oraclelinux", "title": "tcl security and bug fix update", "description": "[8.4.13-6]\r\n- Fixed infinite loop in regex NFA optimization code\r\n Resolves: CVE-2007-4772\r\n- Fixed O(N^2) compile time (and huge memory requirements) for some regexps\r\n Resolves: CVE-2007-6067\r\n \n[8.4.13-5]\r\n- Threaded / nonthreaded versions of tcl are now 
switchable through alternatives\r\n Resolves: rhbz#478961", "published": "2013-01-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0122.html", "cvelist": ["CVE-2007-4772", "CVE-2007-6067"], "lastseen": "2016-09-04T11:16:57"}, {"id": "ELSA-2008-0134", "type": "oraclelinux", "title": "Moderate: tcltk security update ", "description": " [8.3.5-92.8]\n - CVE-2008-0553 CVE-2007-5378 CVE-2007-4772\n - problems: regexp, GIF overflow and also GIF overflow\n Resolves: #432511 ", "published": "2008-02-22T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0134.html", "cvelist": ["CVE-2008-0553", "CVE-2007-5378", "CVE-2007-4772"], "lastseen": "2016-09-04T11:16:36"}], "centos": [{"id": "CESA-2008:0038", "type": "centos", "title": "postgresql security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0038\n\n\nPostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nWill Drewry discovered multiple flaws in PostgreSQL's regular expression\r\nengine. An authenticated attacker could use these flaws to cause a denial\r\nof service by causing the PostgreSQL server to crash, enter an infinite\r\nloop, or use extensive CPU and memory resources while processing queries\r\ncontaining specially crafted regular expressions. Applications that accept\r\nregular expressions from untrusted sources may expose this problem to\r\nunauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. 
An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only be enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed. (CVE-2007-3278,\r\nCVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014576.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014580.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014593.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014594.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014603.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014604.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0038.html", "published": "2008-01-11T15:27:05", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014576.html", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2017-10-12T14:45:36"}, {"id": "CESA-2009:1485", 
"type": "centos", "title": "rh security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:1485\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0039 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nAll PostgreSQL users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If you are running a\nPostgreSQL server, the postgresql service must be restarted for this update\nto take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016179.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016180.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1485.html", "published": "2009-10-07T22:13:30", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/016179.html", "cvelist": ["CVE-2007-6600", "CVE-2009-3230"], "lastseen": "2017-10-12T14:45:05"}, {"id": "CESA-2009:1484", "type": "centos", "title": "postgresql security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:1484\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory 
RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. 
If the postgresql service is running, it will be\nautomatically restarted after installing this update.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016183.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016184.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016272.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016274.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-debuginfo\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2009-1484.html", "published": "2009-10-09T16:00:55", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/016183.html", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "lastseen": "2017-10-03T18:25:29"}, {"id": "CESA-2008:0039", "type": "centos", "title": "rh security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0039\n\n\nPostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. 
Please note that dblink functionality is not enabled by\r\ndefault, and can only be enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed.\r\n(CVE-2007-3278, CVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.3.21 and resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014571.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014572.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014574.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014579.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0039.html", "published": "2008-01-11T14:31:56", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014571.html", "cvelist": ["CVE-2007-6600", "CVE-2007-3278", "CVE-2007-6601"], "lastseen": "2017-10-12T14:44:54"}, {"id": "CESA-2013:0122", "type": "centos", "title": "tcl security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0122\n\n\nTcl (Tool Command Language) provides a powerful platform for creating\nintegration applications that tie together diverse applications, protocols,\ndevices, and frameworks. When paired with the Tk toolkit, Tcl provides a\nfast and powerful way to create cross-platform GUI applications.\n\nTwo denial of service flaws were found in the Tcl regular expression\nhandling engine. 
If Tcl or an application using Tcl processed a\nspecially-crafted regular expression, it would lead to excessive CPU and\nmemory consumption. (CVE-2007-4772, CVE-2007-6067)\n\nThis update also fixes the following bug:\n\n* Due to a suboptimal implementation of threading in the current version of\nthe Tcl language interpreter, an attempt to use threads in combination with\nfork in a Tcl script could cause the script to stop responding. At the\nmoment, it is not possible to rewrite the source code or drop support for\nthreading entirely. Consequent to this, this update provides a version of\nTcl without threading support in addition to the standard version with this\nsupport. Users who need to use fork in their Tcl scripts and do not require\nthreading can now switch to the version without threading support by using\nthe alternatives command. (BZ#478961)\n\nAll users of Tcl are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/019168.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/000450.html\n\n**Affected packages:**\ntcl\ntcl-devel\ntcl-html\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0122.html", "published": "2013-01-09T20:44:22", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/019168.html", "cvelist": ["CVE-2007-4772", "CVE-2007-6067"], "lastseen": "2018-03-09T11:45:36"}, {"id": "CESA-2008:0134-01", "type": "centos", "title": "expect, itcl, tcl, tcllib, tclx, tix, tk security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0134-01\n\n\nTcl is a scripting language designed for embedding into other applications\r\nand for use with Tk, a widget set.\r\n\r\nAn input validation flaw was discovered in Tk's 
GIF image handling. A\r\ncode-size value read from a GIF image was not properly validated before\r\nbeing used, leading to a buffer overflow. A specially crafted GIF file\r\ncould use this to cause a crash or, potentially, execute code with the\r\nprivileges of the application using the Tk graphical toolkit.\r\n(CVE-2008-0553)\r\n\r\nA buffer overflow flaw was discovered in Tk's animated GIF image handling.\r\nAn animated GIF containing an initial image smaller than subsequent images\r\ncould cause a crash or, potentially, execute code with the privileges of\r\nthe application using the Tk library. (CVE-2007-5378)\r\n\r\nA flaw in the Tcl regular expression handling engine was discovered by Will\r\nDrewry. This flaw, first discovered in the Tcl regular expression engine\r\nused in the PostgreSQL database server, resulted in an infinite loop when\r\nprocessing certain regular expressions. (CVE-2007-4772)\r\n\r\nAll users are advised to upgrade to these updated packages which contain\r\nbackported patches which resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014697.html\n\n**Affected packages:**\nexpect\nitcl\ntcl\ntcllib\ntclx\ntix\ntk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2008-02-23T01:59:42", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-February/014697.html", "cvelist": ["CVE-2008-0553", "CVE-2007-5378", "CVE-2007-4772"], "lastseen": "2017-10-12T14:46:28"}, {"id": "CESA-2008:0134", "type": "centos", "title": "expect, expectk, itcl, tcl, tcllib, tcltk, tclx, tix, tk security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0134\n\n\nTcl is a scripting language designed for embedding into other applications\r\nand for use with Tk, a widget set.\r\n\r\nAn input validation flaw was 
discovered in Tk's GIF image handling. A\r\ncode-size value read from a GIF image was not properly validated before\r\nbeing used, leading to a buffer overflow. A specially crafted GIF file\r\ncould use this to cause a crash or, potentially, execute code with the\r\nprivileges of the application using the Tk graphical toolkit.\r\n(CVE-2008-0553)\r\n\r\nA buffer overflow flaw was discovered in Tk's animated GIF image handling.\r\nAn animated GIF containing an initial image smaller than subsequent images\r\ncould cause a crash or, potentially, execute code with the privileges of\r\nthe application using the Tk library. (CVE-2007-5378)\r\n\r\nA flaw in the Tcl regular expression handling engine was discovered by Will\r\nDrewry. This flaw, first discovered in the Tcl regular expression engine\r\nused in the PostgreSQL database server, resulted in an infinite loop when\r\nprocessing certain regular expressions. (CVE-2007-4772)\r\n\r\nAll users are advised to upgrade to these updated packages which contain\r\nbackported patches which resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014691.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014694.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014706.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014707.html\n\n**Affected packages:**\nexpect\nexpect-devel\nexpectk\nitcl\ntcl\ntcl-devel\ntcl-html\ntcllib\ntcltk\ntclx\ntix\ntk\ntk-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0134.html", "published": "2008-02-22T15:25:04", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-February/014691.html", "cvelist": ["CVE-2008-0553", "CVE-2007-5378", "CVE-2007-4772"], "lastseen": "2017-10-12T14:45:07"}], "redhat": [{"id": "RHSA-2008:0038", "type": 
"redhat", "title": "(RHSA-2008:0038) Moderate: postgresql security update", "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nWill Drewry discovered multiple flaws in PostgreSQL's regular expression\r\nengine. An authenticated attacker could use these flaws to cause a denial\r\nof service by causing the PostgreSQL server to crash, enter an infinite\r\nloop, or use extensive CPU and memory resources while processing queries\r\ncontaining specially crafted regular expressions. Applications that accept\r\nregular expressions from untrusted sources may expose this problem to\r\nunauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only be enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed. 
(CVE-2007-3278,\r\nCVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.", "published": "2008-01-11T05:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0038", "cvelist": ["CVE-2007-3278", "CVE-2007-4769", "CVE-2007-4772", "CVE-2007-6067", "CVE-2007-6600", "CVE-2007-6601"], "lastseen": "2017-09-09T07:20:37"}, {"id": "RHSA-2009:1485", "type": "redhat", "title": "(RHSA-2009:1485) Moderate: postgresql security update", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0039 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nAll PostgreSQL users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
If you are running a\nPostgreSQL server, the postgresql service must be restarted for this update\nto take effect.", "published": "2009-10-07T04:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1485", "cvelist": ["CVE-2007-6600", "CVE-2009-3230"], "lastseen": "2017-08-01T06:57:49"}, {"id": "RHSA-2009:1484", "type": "redhat", "title": "(RHSA-2009:1484) Moderate: postgresql security update", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. 
If the postgresql service is running, it will be\nautomatically restarted after installing this update.", "published": "2009-10-07T04:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1484", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "lastseen": "2017-09-09T07:20:11"}, {"id": "RHSA-2008:0039", "type": "redhat", "title": "(RHSA-2008:0039) Moderate: postgresql security update", "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. 
Please note that dblink functionality is not enabled by\r\ndefault, and can only be enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed.\r\n(CVE-2007-3278, CVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.3.21 and resolve these issues.", "published": "2008-01-11T05:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0039", "cvelist": ["CVE-2007-3278", "CVE-2007-6600", "CVE-2007-6601"], "lastseen": "2017-08-01T06:57:32"}, {"id": "RHSA-2013:0122", "type": "redhat", "title": "(RHSA-2013:0122) Moderate: tcl security and bug fix update", "description": "Tcl (Tool Command Language) provides a powerful platform for creating\nintegration applications that tie together diverse applications, protocols,\ndevices, and frameworks. When paired with the Tk toolkit, Tcl provides a\nfast and powerful way to create cross-platform GUI applications.\n\nTwo denial of service flaws were found in the Tcl regular expression\nhandling engine. If Tcl or an application using Tcl processed a\nspecially-crafted regular expression, it would lead to excessive CPU and\nmemory consumption. (CVE-2007-4772, CVE-2007-6067)\n\nThis update also fixes the following bug:\n\n* Due to a suboptimal implementation of threading in the current version of\nthe Tcl language interpreter, an attempt to use threads in combination with\nfork in a Tcl script could cause the script to stop responding. At the\nmoment, it is not possible to rewrite the source code or drop support for\nthreading entirely. Consequent to this, this update provides a version of\nTcl without threading support in addition to the standard version with this\nsupport. Users who need to use fork in their Tcl scripts and do not require\nthreading can now switch to the version without threading support by using\nthe alternatives command. 
(BZ#478961)\n\nAll users of Tcl are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "published": "2013-01-08T05:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0122", "cvelist": ["CVE-2007-4772", "CVE-2007-6067"], "lastseen": "2017-09-09T07:19:57"}, {"id": "RHSA-2008:0134", "type": "redhat", "title": "(RHSA-2008:0134) Moderate: tcltk security update", "description": "Tcl is a scripting language designed for embedding into other applications\r\nand for use with Tk, a widget set.\r\n\r\nAn input validation flaw was discovered in Tk's GIF image handling. A\r\ncode-size value read from a GIF image was not properly validated before\r\nbeing used, leading to a buffer overflow. A specially crafted GIF file\r\ncould use this to cause a crash or, potentially, execute code with the\r\nprivileges of the application using the Tk graphical toolkit.\r\n(CVE-2008-0553)\r\n\r\nA buffer overflow flaw was discovered in Tk's animated GIF image handling.\r\nAn animated GIF containing an initial image smaller than subsequent images\r\ncould cause a crash or, potentially, execute code with the privileges of\r\nthe application using the Tk library. (CVE-2007-5378)\r\n\r\nA flaw in the Tcl regular expression handling engine was discovered by Will\r\nDrewry. This flaw, first discovered in the Tcl regular expression engine\r\nused in the PostgreSQL database server, resulted in an infinite loop when\r\nprocessing certain regular expressions. 
(CVE-2007-4772)\r\n\r\nAll users are advised to upgrade to these updated packages which contain\r\nbackported patches which resolve these issues.", "published": "2008-02-21T05:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0134", "cvelist": ["CVE-2007-4772", "CVE-2007-5378", "CVE-2008-0553"], "lastseen": "2018-03-15T06:37:21"}], "ubuntu": [{"id": "USN-568-1", "type": "ubuntu", "title": "PostgreSQL vulnerabilities", "description": "Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601)\n\nIt was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nIt was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600)", "published": "2008-01-14T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/568-1/", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2018-03-29T18:20:33"}, {"id": "USN-834-1", "type": "ubuntu", "title": "PostgreSQL vulnerabilities", "description": "It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. 
This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3229)\n\nDue to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. (CVE-2009-3230)\n\nIt was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3231)", "published": "2009-09-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/834-1/", "cvelist": ["CVE-2007-6600", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-3229"], "lastseen": "2018-03-29T18:20:02"}], "debian": [{"id": "DSA-1460", "type": "debian", "title": "postgresql-8.1 -- several vulnerabilities", "description": "Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: \n\n * [CVE-2007-3278](<https://security-tracker.debian.org/tracker/CVE-2007-3278>)\n\nIt was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as [CVE-2007-6601](<https://security-tracker.debian.org/tracker/CVE-2007-6601>), since the initial upstream fix was incomplete. \n\n * [CVE-2007-4769](<https://security-tracker.debian.org/tracker/CVE-2007-4769>)\n\nTavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. 
\n\n * [CVE-2007-4772](<https://security-tracker.debian.org/tracker/CVE-2007-4772>)\n\nTavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. \n\n * [CVE-2007-6067](<https://security-tracker.debian.org/tracker/CVE-2007-6067>)\n\nTavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. \n\n * [CVE-2007-6600](<https://security-tracker.debian.org/tracker/CVE-2007-6600>)\n\nFunctions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at <http://www.postgresql.org/about/news.905>. \n\nThe old stable distribution (sarge), doesn't contain postgresql-8.1. \n\nFor the stable distribution (etch), these problems have been fixed in version postgresql-8.1 8.1.11-0etch1. \n\nFor the unstable distribution (sid), these problems have been fixed in version 8.2.6-1 of postgresql-8.2. \n\nWe recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.", "published": "2008-01-13T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1460", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2016-09-02T18:21:24"}], "gentoo": [{"id": "GLSA-200801-15", "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. 
\n\n### Description\n\nIf using the \"expression indexes\" feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the index functions (CVE-2007-6600). Additionally, several errors involving regular expressions were found (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067). Eventually, a privilege escalation vulnerability via unspecified vectors in the DBLink module was reported (CVE-2007-6601). This vulnerability is exploitable when local trust or ident authentication is used, and is due to an incomplete fix of CVE-2007-3278. \n\n### Impact\n\nA remote authenticated attacker could send specially crafted queries containing complex regular expressions to the server that could result in a Denial of Service by a server crash (CVE-2007-4769), an infinite loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two other vulnerabilities can be exploited to gain additional privileges. \n\n### Workaround\n\nThere is no known workaround for all these issues at this time. \n\n### Resolution\n\nAll PostgreSQL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"dev-db/postgresql\"", "published": "2008-01-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200801-15", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "lastseen": "2016-09-06T19:46:10"}], "vmware": [{"id": "VMSA-2008-0009", "type": "vmware", "title": "Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "description": "a. 
VMware Tools Local Privilege Escalation on Windows-based guest OS \n \nThe VMware Tools Package provides support required for shared folders \n(HGFS) and other features. \n \nAn input validation error is present in the Windows-based VMware \nHGFS.sys driver. Exploitation of this flaw might result in \narbitrary code execution on the guest system by an unprivileged \nguest user. It doesn't matter on what host the Windows guest OS \nis running, as this is a guest driver vulnerability and not a \nvulnerability on the host. \n \nThe HGFS.sys driver is present in the guest operating system if the \nVMware Tools package is loaded. Even if the host has HGFS disabled \nand has no shared folders, Windows-based guests may be affected. This \nis regardless if a host supports HGFS. \n \nThis issue could be mitigated by removing the VMware Tools package \nfrom Windows based guests. However this is not recommended as it \nwould impact usability of the product. \n \nNOTE: Installing the new hosted release or ESX patches will not \nremediate the issue. The VMware Tools packages will need \nto be updated on each Windows-based guest followed by a \nreboot of the guest system. \n \nVMware would like to thank iDefense and Stephen Fewer of Harmony \nSecurity for reporting this issue to us. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2007-5671 to this issue. 
\n \nVMware Product Running Replace with/ \nProduct Version on Apply Patch \n============ ======== ======= ================= \nWorkstation 6.x Windows not affected \nWorkstation 6.x Linux not affected \nWorkstation 5.x Windows 5.5.6 build 80404 or later \nWorkstation 5.x Linux 5.5.6 build 80404 or later \n \nPlayer 2.x Windows not affected \nPlayer 2.x Linux not affected \nPlayer 1.x Windows 1.0.6 build 80404 or later \nPlayer 1.x Linux 1.0.6 build 80404 or later \n \nACE 2.x Windows not affected \nACE 1.x Windows 1.0.5 build 79846 or later \n \nServer 1.x Windows 1.0.5 build 80187 or later \nServer 1.x Linux 1.0.5 build 80187 or later \n \nFusion 1.x Mac OS/X not affected \n \nESXi 3.5 ESXi not affected \n \nESX 3.5 ESX not affected \nESX 3.0.2 ESX ESX-1004727 \nESX 3.0.1 ESX ESX-1004186 \nESX 2.5.5 ESX ESX 2.5.5 upgrade patch 5 or later \nESX 2.5.4 ESX ESX 2.5.4 upgrade patch 16 or later \n\n", "published": "2008-06-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2008-0009.html", "cvelist": ["CVE-2008-0967", "CVE-2008-0063", "CVE-2008-0553", "CVE-2008-0948", "CVE-2008-0888", "CVE-2007-5378", "CVE-2006-1721", "CVE-2008-2097", "CVE-2007-4772", "CVE-2008-2100", "CVE-2007-5671", "CVE-2008-0062"], "lastseen": "2016-09-04T11:19:37"}]}}