ID CVE-2006-0678
Summary PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553.
References
Vulnerable Configurations
  • PostgreSQL 7.3
    cpe:2.3:a:postgresql:postgresql:7.3
  • PostgreSQL 7.3.1
    cpe:2.3:a:postgresql:postgresql:7.3.1
  • PostgreSQL 7.3.2
    cpe:2.3:a:postgresql:postgresql:7.3.2
  • PostgreSQL 7.3.3
    cpe:2.3:a:postgresql:postgresql:7.3.3
  • PostgreSQL 7.3.4
    cpe:2.3:a:postgresql:postgresql:7.3.4
  • PostgreSQL 7.3.5
    cpe:2.3:a:postgresql:postgresql:7.3.5
  • PostgreSQL 7.3.6
    cpe:2.3:a:postgresql:postgresql:7.3.6
  • PostgreSQL 7.3.7
    cpe:2.3:a:postgresql:postgresql:7.3.7
  • PostgreSQL 7.3.8
    cpe:2.3:a:postgresql:postgresql:7.3.8
  • PostgreSQL 7.3.9
    cpe:2.3:a:postgresql:postgresql:7.3.9
  • PostgreSQL 7.3.10
    cpe:2.3:a:postgresql:postgresql:7.3.10
  • PostgreSQL 7.3.11
    cpe:2.3:a:postgresql:postgresql:7.3.11
  • PostgreSQL 7.3.12
    cpe:2.3:a:postgresql:postgresql:7.3.12
  • PostgreSQL 7.3.13
    cpe:2.3:a:postgresql:postgresql:7.3.13
  • PostgreSQL 7.4
    cpe:2.3:a:postgresql:postgresql:7.4
  • PostgreSQL 7.4.1
    cpe:2.3:a:postgresql:postgresql:7.4.1
  • PostgreSQL 7.4.2
    cpe:2.3:a:postgresql:postgresql:7.4.2
  • PostgreSQL 7.4.3
    cpe:2.3:a:postgresql:postgresql:7.4.3
  • PostgreSQL 7.4.4
    cpe:2.3:a:postgresql:postgresql:7.4.4
  • PostgreSQL 7.4.5
    cpe:2.3:a:postgresql:postgresql:7.4.5
  • PostgreSQL 7.4.6
    cpe:2.3:a:postgresql:postgresql:7.4.6
  • PostgreSQL 7.4.7
    cpe:2.3:a:postgresql:postgresql:7.4.7
  • PostgreSQL 7.4.8
    cpe:2.3:a:postgresql:postgresql:7.4.8
  • PostgreSQL 7.4.9
    cpe:2.3:a:postgresql:postgresql:7.4.9
  • PostgreSQL 7.4.10
    cpe:2.3:a:postgresql:postgresql:7.4.10
  • PostgreSQL 7.4.11
    cpe:2.3:a:postgresql:postgresql:7.4.11
  • PostgreSQL 8.0
    cpe:2.3:a:postgresql:postgresql:8.0
  • PostgreSQL 8.0.1
    cpe:2.3:a:postgresql:postgresql:8.0.1
  • PostgreSQL 8.0.2
    cpe:2.3:a:postgresql:postgresql:8.0.2
  • PostgreSQL 8.0.3
    cpe:2.3:a:postgresql:postgresql:8.0.3
  • PostgreSQL 8.0.4
    cpe:2.3:a:postgresql:postgresql:8.0.4
  • PostgreSQL 8.0.5
    cpe:2.3:a:postgresql:postgresql:8.0.5
  • PostgreSQL 8.0.6
    cpe:2.3:a:postgresql:postgresql:8.0.6
  • PostgreSQL 8.1
    cpe:2.3:a:postgresql:postgresql:8.1
  • PostgreSQL 8.1.1
    cpe:2.3:a:postgresql:postgresql:8.1.1
  • PostgreSQL 8.1.2
    cpe:2.3:a:postgresql:postgresql:8.1.2
CVSS
Base: 1.5 (as of 28-02-2006 - 15:13)
Impact:
Exploitability:
Access
  • Vector: LOCAL
  • Complexity: MEDIUM
  • Authentication: SINGLE_INSTANCE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-258-1.NASL
description Akio Ishida discovered that the SET SESSION AUTHORIZATION command did not properly verify the validity of its argument. An authenticated PostgreSQL user could exploit this to crash the server. However, this does not affect the official binary Ubuntu packages. The crash can only be triggered if the source package is rebuilt with assertions enabled (which is not the case in the official binary packages). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2019-02-21
modified 2018-08-15
plugin id 21066
published 2006-03-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=21066
title Ubuntu 4.10 / 5.04 / 5.10 : postgresql-7.4, postgresql-8.0, postgresql vulnerability (USN-258-1)
refmap via4
bid 16650
bugtraq 20060215 PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14
confirm http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3
openpkg OpenPKG-SA-2006.004
secunia
  • 18890
  • 19015
  • 19035
sreason 498
trustix 2006-0008
ubuntu USN-258-1
vupen ADV-2006-0605
xf postgresql-setsessionauth-dos(24719)
Last major update 07-03-2011 - 21:30
Published 14-02-2006 - 14:06
Last modified 19-10-2018 - 11:45