ID CVE-2006-5540
Summary backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql:6.3.2
    cpe:2.3:a:postgresql:postgresql:6.3.2
  • cpe:2.3:a:postgresql:postgresql:6.5.3
    cpe:2.3:a:postgresql:postgresql:6.5.3
  • cpe:2.3:a:postgresql:postgresql:7.0.2
    cpe:2.3:a:postgresql:postgresql:7.0.2
  • cpe:2.3:a:postgresql:postgresql:7.0.3
    cpe:2.3:a:postgresql:postgresql:7.0.3
  • PostgreSQL 7.1
    cpe:2.3:a:postgresql:postgresql:7.1
  • cpe:2.3:a:postgresql:postgresql:7.1.1
    cpe:2.3:a:postgresql:postgresql:7.1.1
  • cpe:2.3:a:postgresql:postgresql:7.1.2
    cpe:2.3:a:postgresql:postgresql:7.1.2
  • cpe:2.3:a:postgresql:postgresql:7.1.3
    cpe:2.3:a:postgresql:postgresql:7.1.3
  • PostgreSQL 7.2
    cpe:2.3:a:postgresql:postgresql:7.2
  • cpe:2.3:a:postgresql:postgresql:7.2.1
    cpe:2.3:a:postgresql:postgresql:7.2.1
  • cpe:2.3:a:postgresql:postgresql:7.2.2
    cpe:2.3:a:postgresql:postgresql:7.2.2
  • cpe:2.3:a:postgresql:postgresql:7.2.3
    cpe:2.3:a:postgresql:postgresql:7.2.3
  • cpe:2.3:a:postgresql:postgresql:7.2.4
    cpe:2.3:a:postgresql:postgresql:7.2.4
  • cpe:2.3:a:postgresql:postgresql:7.2.7
    cpe:2.3:a:postgresql:postgresql:7.2.7
  • PostgreSQL 7.3
    cpe:2.3:a:postgresql:postgresql:7.3
  • PostgreSQL 7.3.1
    cpe:2.3:a:postgresql:postgresql:7.3.1
  • PostgreSQL 7.3.2
    cpe:2.3:a:postgresql:postgresql:7.3.2
  • PostgreSQL 7.3.3
    cpe:2.3:a:postgresql:postgresql:7.3.3
  • PostgreSQL 7.3.4
    cpe:2.3:a:postgresql:postgresql:7.3.4
  • PostgreSQL 7.3.6
    cpe:2.3:a:postgresql:postgresql:7.3.6
  • PostgreSQL 7.3.8
    cpe:2.3:a:postgresql:postgresql:7.3.8
  • PostgreSQL 7.3.9
    cpe:2.3:a:postgresql:postgresql:7.3.9
  • PostgreSQL 7.3.10
    cpe:2.3:a:postgresql:postgresql:7.3.10
  • PostgreSQL 7.3.11
    cpe:2.3:a:postgresql:postgresql:7.3.11
  • PostgreSQL 7.3.12
    cpe:2.3:a:postgresql:postgresql:7.3.12
  • PostgreSQL 7.3.13
    cpe:2.3:a:postgresql:postgresql:7.3.13
  • PostgreSQL 7.3.14
    cpe:2.3:a:postgresql:postgresql:7.3.14
  • PostgreSQL 7.3.15
    cpe:2.3:a:postgresql:postgresql:7.3.15
  • PostgreSQL PostgreSQL 7.4
    cpe:2.3:a:postgresql:postgresql:7.4
  • PostgreSQL PostgreSQL 7.4.1
    cpe:2.3:a:postgresql:postgresql:7.4.1
  • PostgreSQL PostgreSQL 7.4.2
    cpe:2.3:a:postgresql:postgresql:7.4.2
  • PostgreSQL PostgreSQL 7.4.3
    cpe:2.3:a:postgresql:postgresql:7.4.3
  • PostgreSQL PostgreSQL 7.4.4
    cpe:2.3:a:postgresql:postgresql:7.4.4
  • PostgreSQL PostgreSQL 7.4.5
    cpe:2.3:a:postgresql:postgresql:7.4.5
  • PostgreSQL PostgreSQL 7.4.6
    cpe:2.3:a:postgresql:postgresql:7.4.6
  • PostgreSQL PostgreSQL 7.4.7
    cpe:2.3:a:postgresql:postgresql:7.4.7
  • PostgreSQL PostgreSQL 7.4.8
    cpe:2.3:a:postgresql:postgresql:7.4.8
  • PostgreSQL PostgreSQL 7.4.9
    cpe:2.3:a:postgresql:postgresql:7.4.9
  • PostgreSQL PostgreSQL 7.4.10
    cpe:2.3:a:postgresql:postgresql:7.4.10
  • PostgreSQL PostgreSQL 7.4.11
    cpe:2.3:a:postgresql:postgresql:7.4.11
  • PostgreSQL PostgreSQL 7.4.12
    cpe:2.3:a:postgresql:postgresql:7.4.12
  • PostgreSQL PostgreSQL 7.4.13
    cpe:2.3:a:postgresql:postgresql:7.4.13
  • PostgreSQL 8.0
    cpe:2.3:a:postgresql:postgresql:8.0
  • PostgreSQL PostgreSQL 8.0.1
    cpe:2.3:a:postgresql:postgresql:8.0.1
  • PostgreSQL PostgreSQL 8.0.2
    cpe:2.3:a:postgresql:postgresql:8.0.2
  • PostgreSQL PostgreSQL 8.0.3
    cpe:2.3:a:postgresql:postgresql:8.0.3
  • PostgreSQL PostgreSQL 8.0.4
    cpe:2.3:a:postgresql:postgresql:8.0.4
  • PostgreSQL PostgreSQL 8.0.5
    cpe:2.3:a:postgresql:postgresql:8.0.5
  • PostgreSQL PostgreSQL 8.0.6
    cpe:2.3:a:postgresql:postgresql:8.0.6
  • PostgreSQL PostgreSQL 8.0.7
    cpe:2.3:a:postgresql:postgresql:8.0.7
  • PostgreSQL PostgreSQL 8.0.8
    cpe:2.3:a:postgresql:postgresql:8.0.8
  • PostgreSQL 8.1
    cpe:2.3:a:postgresql:postgresql:8.1
  • PostgreSQL 8.1.1
    cpe:2.3:a:postgresql:postgresql:8.1.1
  • PostgreSQL 8.1.2
    cpe:2.3:a:postgresql:postgresql:8.1.2
  • PostgreSQL 8.1.3
    cpe:2.3:a:postgresql:postgresql:8.1.3
  • PostgreSQL 8.1.4
    cpe:2.3:a:postgresql:postgresql:8.1.4
CVSS
Base: 4.0 (as of 29-10-2006 - 19:48)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity LOW
  Authentication SINGLE_INSTANCE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-194.NASL
    description A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users to cause a Denial of Service (daemon crash) via certain aggregate functions in an UPDATE statement which were not handled correctly (CVE-2006-5540). Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote authenticated users to crash the daemon via a coercion of an unknown element to ANYARRAY (CVE-2006-5541). Finally, another vulnerability in 8.1.x could allow a remote authenticated user to cause a DoS related to duration logging of V3-protocol Execute message for COMMIT and ROLLBACK statements (CVE-2006-5542). This update provides the latest 8.0.x and 8.1.x PostgreSQL versions and patches the version of PostgreSQL shipped with Corporate 3.0. After installing this upgrade, you will need to execute 'service postgresql restart' for it to take effect.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24579
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24579
    title Mandrake Linux Security Advisory : postgresql (MDKSA-2006:194)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-369-1.NASL
    description Michael Fuhr discovered an incorrect type check when handling unknown literals. By attempting to coerce such a literal to the ANYARRAY type, a local authenticated attacker could cause a server crash. Josh Drake and Alvaro Herrera reported a crash when using aggregate functions in UPDATE statements. A local authenticated attacker could exploit this to crash the server backend. This update disables this construct, since it is not very well defined and forbidden by the SQL standard. Sergey Koposov discovered a flaw in the duration logging. This could cause a server crash under certain circumstances. Please note that these flaws can usually not be exploited through web and other applications that use a database and are exposed to untrusted input, so these flaws do not pose a threat in usual setups. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27949
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27949
    title Ubuntu 6.06 LTS : postgresql-8.1 vulnerabilities (USN-369-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0068.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556). Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542). Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25315
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25315
    title RHEL 5 : postgresql (RHSA-2007:0068)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0064.NASL
    description Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555). A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute a SQL command which could crash the PostgreSQL server. (CVE-2006-5540) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24319
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24319
    title RHEL 3 / 4 : postgresql (RHSA-2007:0064)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-2276.NASL
    description The SQL Server PostgreSQL has been updated to fix the following security problems : - backend/parser/analyze.c in PostgreSQL 8.1.x allowed remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a 'MIN/MAX index optimization.'. (CVE-2006-5540) - backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. (CVE-2006-5541) - backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements. (CVE-2006-5542)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29557
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29557
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 2276)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0064.NASL
    description Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555). A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute a SQL command which could crash the PostgreSQL server. (CVE-2006-5540) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24290
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24290
    title CentOS 3 / 4 : postgresql (CESA-2007:0064)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0064.NASL
    description From Red Hat Security Advisory 2007:0064 : Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555). A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute a SQL command which could crash the PostgreSQL server. (CVE-2006-5540) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67447
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67447
    title Oracle Linux 3 / 4 : postgresql (ELSA-2007-0064)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-369-2.NASL
    description USN-369-1 fixed three minor PostgreSQL 8.1 vulnerabilities for Ubuntu 6.06 LTS. This update provides the corresponding update for Ubuntu 6.10. Michael Fuhr discovered an incorrect type check when handling unknown literals. By attempting to coerce such a literal to the ANYARRAY type, a local authenticated attacker could cause a server crash. (CVE-2006-5541) Josh Drake and Alvaro Herrera reported a crash when using aggregate functions in UPDATE statements. A local authenticated attacker could exploit this to crash the server backend. This update disables this construct, since it is not very well defined and forbidden by the SQL standard. (CVE-2006-5540) Sergey Koposov discovered a flaw in the duration logging. This could cause a server crash under certain circumstances. (CVE-2006-5542) Please note that these flaws can usually not be exploited through web and other applications that use a database and are exposed to untrusted input, so these flaws do not pose a threat in usual setups. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27950
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27950
    title Ubuntu 6.10 : postgresql-8.1 vulnerabilities (USN-369-2)
oval via4
accepted 2013-04-29T04:13:58.930-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."
family unix
id oval:org.mitre.oval:def:11425
status accepted
submitted 2010-07-09T03:56:16-04:00
title f service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2007:0064
  • rhsa
    id RHSA-2007:0067
  • rhsa
    id RHSA-2007:0068
rpms
  • rh-postgresql-0:7.3.18-1
  • rh-postgresql-contrib-0:7.3.18-1
  • rh-postgresql-devel-0:7.3.18-1
  • rh-postgresql-docs-0:7.3.18-1
  • rh-postgresql-jdbc-0:7.3.18-1
  • rh-postgresql-libs-0:7.3.18-1
  • rh-postgresql-pl-0:7.3.18-1
  • rh-postgresql-python-0:7.3.18-1
  • rh-postgresql-server-0:7.3.18-1
  • rh-postgresql-tcl-0:7.3.18-1
  • rh-postgresql-test-0:7.3.18-1
  • postgresql-0:7.4.16-1.RHEL4.1
  • postgresql-contrib-0:7.4.16-1.RHEL4.1
  • postgresql-devel-0:7.4.16-1.RHEL4.1
  • postgresql-docs-0:7.4.16-1.RHEL4.1
  • postgresql-jdbc-0:7.4.16-1.RHEL4.1
  • postgresql-libs-0:7.4.16-1.RHEL4.1
  • postgresql-pl-0:7.4.16-1.RHEL4.1
  • postgresql-python-0:7.4.16-1.RHEL4.1
  • postgresql-server-0:7.4.16-1.RHEL4.1
  • postgresql-tcl-0:7.4.16-1.RHEL4.1
  • postgresql-test-0:7.4.16-1.RHEL4.1
  • postgresql-0:8.1.8-1.el5
  • postgresql-contrib-0:8.1.8-1.el5
  • postgresql-devel-0:8.1.8-1.el5
  • postgresql-docs-0:8.1.8-1.el5
  • postgresql-libs-0:8.1.8-1.el5
  • postgresql-pl-0:8.1.8-1.el5
  • postgresql-python-0:8.1.8-1.el5
  • postgresql-server-0:8.1.8-1.el5
  • postgresql-tcl-0:8.1.8-1.el5
  • postgresql-test-0:8.1.8-1.el5
refmap via4
bid 20717
confirm
mandriva MDKSA-2006:194
sectrack 1017115
secunia
  • 22562
  • 22584
  • 22606
  • 22636
  • 23048
  • 23132
  • 24094
  • 24284
  • 24577
sgi 20070201-01-P
suse SUSE-SR:2006:027
trustix 2006-0059
ubuntu
  • USN-369-1
  • USN-369-2
vupen ADV-2006-4182
Last major update 07-03-2011 - 21:43
Published 26-10-2006 - 13:07
Last modified 10-10-2017 - 21:31