Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200703-15
HistoryMar 16, 2007 - 12:00 a.m.

PostgreSQL: Multiple vulnerabilities

2007-03-1600:00:00
Gentoo Foundation
security.gentoo.org
15

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:N/A:C

0.013 Low

EPSS

Percentile

85.7%

JSON

Background

PostgreSQL is an open source object-relational database management system.

Description

PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner.

Impact

A remote authenticated attacker could send specially crafted queries to the server that could result in a server crash and possibly the unauthorized reading of some database content or arbitrary memory.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "dev-db/postgresql"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/postgresql< 8.0.11UNKNOWN

Related

nessus 14
openvas 28
fedora 3
ubuntu 1
securityvulns 2
veracode 2
cvelist 2
redhat 3
postgresql 2
nvd 2
ubuntucve 2
prion 2
cve 2
debian 1
oraclelinux 2
centos 1
nessus
nessus
Ubuntu 6.06 LTS / 6.10 : postgresql-8.1 regression (USN-417-2)
2007-11-10 00:00:00
Ubuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)
2007-11-10 00:00:00
SuSE9 Security Update : PostgreSQL (YOU Patch Number 11509)
2009-09-24 00:00:00
openvas
openvas
Fedora Update for postgresql FEDORA-2007-197
2009-02-27 00:00:00
Mandriva Update for postgresql MDKSA-2007:037 (postgresql)
2009-04-09 00:00:00
Solaris Update for PostgresSQL 123590-12
2010-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: postgresql-8.1.7-1.fc6
2007-02-05 17:08:15
[SECURITY] Fedora Core 5 Update: postgresql-8.1.7-1.fc5
2007-02-05 17:09:11
[SECURITY] Fedora Core 5 Update: postgresql-8.1.9-1.fc5
2007-06-06 17:24:23
ubuntu
ubuntu
PostgreSQL vulnerabilities
2007-02-06 00:00:00
securityvulns
securityvulns
[Full-disclosure] [USN-417-1] PostgreSQL vulnerabilities
2007-02-05 00:00:00
PostgreSQL multiple security vulnerabilities
2007-02-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:16:46
Denial Of Service (DoS)
2020-04-10 00:16:46
cvelist
cvelist
CVE-2007-0555
2007-02-06 01:00:00
CVE-2007-0556
2007-02-06 01:00:00
redhat
redhat
(RHSA-2007:0068) Moderate: postgresql security update
2007-03-14 00:00:00
(RHSA-2007:0067) Moderate: postgresql security update
2007-02-07 00:00:00
(RHSA-2007:0064) Moderate: postgresql security update
2007-02-07 00:00:00
postgresql
postgresql
Vulnerability in core server (CVE-2007-0556)
2007-02-06 01:28:00
Vulnerability in core server (CVE-2007-0555)
2007-02-06 01:28:00
nvd
nvd
CVE-2007-0556
2007-02-06 01:28:00
CVE-2007-0555
2007-02-06 01:28:00
ubuntucve
ubuntucve
CVE-2007-0555
2007-02-06 00:00:00
CVE-2007-0556
2007-02-06 00:00:00
prion
prion
Code injection
2007-02-06 01:28:00
Memory corruption
2007-02-06 01:28:00
cve
cve
CVE-2007-0556
2007-02-06 01:28:00
CVE-2007-0555
2007-02-06 01:28:00
debian
debian
[SECURITY] [DSA 1261-1] New PostgreSQL packages fix several vulnerabilities
2007-02-15 23:36:39
oraclelinux
oraclelinux
Moderate: postgresql security update
2007-05-08 00:00:00
Moderate: postgresql security update
2007-02-07 00:00:00
centos
centos
postgresql, rh security update
2007-02-07 23:16:48

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:N/A:C

0.013 Low

EPSS

Percentile

85.7%

JSON
Related for GLSA-200703-15
nessus14openvas28fedora3ubuntu1securityvulns2veracode2cvelist2redhat3postgresql2nvd2ubuntucve2prion2cve2debian1oraclelinux2centos1