Lucene search

[email protected]NVD:CVE-2007-0556

HistoryFeb 06, 2007 - 1:28 a.m.

CVE-2007-0556

2007-02-0601:28:00

[email protected]

web.nvd.nist.gov

6.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:N/A:C

6.8 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a “previously made query plan,” which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an “ALTER COLUMN TYPE” SQL statement, which can be leveraged to read arbitrary memory from the server.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch1.0

postgresqlpostgresqlMatch1.01

postgresqlpostgresqlMatch1.02

postgresqlpostgresqlMatch1.09

postgresqlpostgresqlMatch6.0

postgresqlpostgresqlMatch6.1

postgresqlpostgresqlMatch6.1.1

postgresqlpostgresqlMatch6.2

postgresqlpostgresqlMatch6.2.1

postgresqlpostgresqlMatch6.3

postgresqlpostgresqlMatch6.3.1

postgresqlpostgresqlMatch6.3.2

postgresqlpostgresqlMatch6.4

postgresqlpostgresqlMatch6.4.1

postgresqlpostgresqlMatch6.4.2

postgresqlpostgresqlMatch6.5

postgresqlpostgresqlMatch6.5.1

postgresqlpostgresqlMatch6.5.2

postgresqlpostgresqlMatch6.5.3

postgresqlpostgresqlMatch7.0

postgresqlpostgresqlMatch7.0.1

postgresqlpostgresqlMatch7.0.2

postgresqlpostgresqlMatch7.0.3

postgresqlpostgresqlMatch7.1

postgresqlpostgresqlMatch7.1.1

postgresqlpostgresqlMatch7.1.2

postgresqlpostgresqlMatch7.1.3

postgresqlpostgresqlMatch7.2

postgresqlpostgresqlMatch7.2.1

postgresqlpostgresqlMatch7.2.2

postgresqlpostgresqlMatch7.2.3

postgresqlpostgresqlMatch7.2.4

postgresqlpostgresqlMatch7.2.5

postgresqlpostgresqlMatch7.2.6

postgresqlpostgresqlMatch7.2.7

postgresqlpostgresqlMatch7.2.8

postgresqlpostgresqlMatch7.3

postgresqlpostgresqlMatch7.3.1

postgresqlpostgresqlMatch7.3.2

postgresqlpostgresqlMatch7.3.3

postgresqlpostgresqlMatch7.3.4

postgresqlpostgresqlMatch7.3.5

postgresqlpostgresqlMatch7.3.6

postgresqlpostgresqlMatch7.3.7

postgresqlpostgresqlMatch7.3.8

postgresqlpostgresqlMatch7.3.9

postgresqlpostgresqlMatch7.3.10

postgresqlpostgresqlMatch7.3.11

postgresqlpostgresqlMatch7.3.12

postgresqlpostgresqlMatch7.3.13

postgresqlpostgresqlMatch7.3.14

postgresqlpostgresqlMatch7.3.15

postgresqlpostgresqlMatch7.3.16

postgresqlpostgresqlMatch7.3.17

postgresqlpostgresqlMatch7.3.18

postgresqlpostgresqlMatch7.4

postgresqlpostgresqlMatch7.4.1

postgresqlpostgresqlMatch7.4.2

postgresqlpostgresqlMatch7.4.3

postgresqlpostgresqlMatch7.4.4

postgresqlpostgresqlMatch7.4.5

postgresqlpostgresqlMatch7.4.6

postgresqlpostgresqlMatch7.4.7

postgresqlpostgresqlMatch7.4.8

postgresqlpostgresqlMatch7.4.9

postgresqlpostgresqlMatch7.4.10

postgresqlpostgresqlMatch7.4.11

postgresqlpostgresqlMatch7.4.12

postgresqlpostgresqlMatch7.4.13

postgresqlpostgresqlMatch7.4.14

postgresqlpostgresqlMatch7.4.15

postgresqlpostgresqlMatch7.4.16

postgresqlpostgresqlMatch8.0

postgresqlpostgresqlMatch8.0.1

postgresqlpostgresqlMatch8.0.2

postgresqlpostgresqlMatch8.0.3

postgresqlpostgresqlMatch8.0.4

postgresqlpostgresqlMatch8.0.5

postgresqlpostgresqlMatch8.0.6

postgresqlpostgresqlMatch8.0.7

postgresqlpostgresqlMatch8.0.8

postgresqlpostgresqlMatch8.0.9

postgresqlpostgresqlMatch8.0.10

postgresqlpostgresqlMatch8.1

postgresqlpostgresqlMatch8.1.1

postgresqlpostgresqlMatch8.1.2

postgresqlpostgresqlMatch8.1.3

postgresqlpostgresqlMatch8.1.4

postgresqlpostgresqlMatch8.1.5

postgresqlpostgresqlMatch8.1.6

postgresqlpostgresqlMatch8.2

postgresqlpostgresqlMatch8.2.1

References

fedoranews.org/cms/node/2554

lists.rpath.com/pipermail/security-announce/2007-February/000141.html

osvdb.org/33302

secunia.com/advisories/24028

secunia.com/advisories/24033

secunia.com/advisories/24042

secunia.com/advisories/24050

secunia.com/advisories/24057

secunia.com/advisories/24151

secunia.com/advisories/24315

secunia.com/advisories/24513

secunia.com/advisories/24577

secunia.com/advisories/25220

security.gentoo.org/glsa/glsa-200703-15.xml

securitytracker.com/id?1017597

sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1

support.avaya.com/elmodocs2/security/ASA-2007-117.htm

www.mandriva.com/security/advisories?name=MDKSA-2007:037

www.novell.com/linux/security/advisories/2007_10_sr.html

www.postgresql.org/support/security

www.redhat.com/support/errata/RHSA-2007-0067.html

www.redhat.com/support/errata/RHSA-2007-0068.html

www.securityfocus.com/archive/1/459280/100/0/threaded

www.securityfocus.com/archive/1/459448/100/0/threaded

www.securityfocus.com/bid/22387

www.trustix.org/errata/2007/0007

www.ubuntu.com/usn/usn-417-2

www.vupen.com/english/advisories/2007/0478

www.vupen.com/english/advisories/2007/0774

exchange.xforce.ibmcloud.com/vulnerabilities/32191

issues.rpath.com/browse/RPL-1025

issues.rpath.com/browse/RPL-830

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353

usn.ubuntu.com/417-1/

6.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:N/A:C

6.8 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for NVD:CVE-2007-0556

postgresql1 cvelist1 cve1 veracode1 prion1 ubuntucve1 nessus10 openvas26 fedora3 securityvulns2 gentoo1 ubuntu1 redhat2 oraclelinux1