ID CVE-2007-0555
Summary PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
References
Vulnerable Configurations
  • PostgreSQL 7.3
    cpe:2.3:a:postgresql:postgresql:7.3
  • PostgreSQL 7.4
    cpe:2.3:a:postgresql:postgresql:7.4
  • PostgreSQL 8.0
    cpe:2.3:a:postgresql:postgresql:8.0
  • PostgreSQL 8.1
    cpe:2.3:a:postgresql:postgresql:8.1
  • PostgreSQL 8.2
    cpe:2.3:a:postgresql:postgresql:8.2
CVSS
Base: 8.5 (as of 06-02-2007 - 08:05)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication SINGLE_INSTANCE
Impact
  • Confidentiality COMPLETE
  • Integrity NONE
  • Availability COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-037.NASL
    description Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this (CVE-2007-0555). As well, Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously-generated query plan, which could be exploited to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this (CVE-2007-0556). Update : The previous update updated PostgreSQL to upstream versions, including 8.1.7 which contained a bug with typemod data types used with check constraints and expression indexes. This regression has been corrected in the new 8.1.8 version that is being provided.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 24650
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24650
    title Mandrake Linux Security Advisory : postgresql (MDKSA-2007:037-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-417-1.NASL
    description Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. (CVE-2007-0555) Jeff Trout reported that the query planner did not verify that a table was still compatible with a previously made query plan. By using ALTER COLUMN TYPE during query execution, an attacker could exploit this to read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. (CVE-2007-0556). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28007
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28007
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0068.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556). Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542). Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25315
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25315
    title RHEL 5 : postgresql (RHSA-2007:0068)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11509.NASL
    description This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. (CVE-2007-0555 CVE-2007-0556)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41132
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41132
    title SuSE9 Security Update : PostgreSQL (YOU Patch Number 11509)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1261.NASL
    description It was discovered that the PostgreSQL database performs insufficient type checking for SQL function arguments, which might lead to denial of service or information disclosure.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24359
    published 2007-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24359
    title Debian DSA-1261-1 : postgresql - several vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0064.NASL
    description Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555). A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute a SQL command which could crash the PostgreSQL server. (CVE-2006-5540) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24319
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24319
    title RHEL 3 / 4 : postgresql (RHSA-2007:0064)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-198.NASL
    description - Sun Feb 4 2007 Tom Lane 8.1.7-1 - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555, CVE-2007-0556 Related: #225496 - Wed Jan 10 2007 Tom Lane 8.1.6-1 - Update to PostgreSQL 8.1.6 - Mon Dec 11 2006 Tom Lane 8.1.5-1 - Update to PostgreSQL 8.1.5 - Update to PyGreSQL 3.8.1 - Adjust init script to not fool /etc/rc.d/rc Resolves: #161470 - Fix chcon arguments in test/regress/Makefile Resolves: #201035 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24302
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24302
    title Fedora Core 5 : postgresql-8.1.7-1.fc5 (2007-198)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-3243.NASL
    description This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. (CVE-2007-0555, CVE-2007-0556)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27401
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27401
    title openSUSE 10 Security Update : postgresql (postgresql-3243)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-417-2.NASL
    description USN-417-1 fixed several vulnerabilities in the PostgreSQL server. Unfortunately this update had a regression that caused some valid queries to be aborted with a type error. This update corrects that problem. We apologize for the inconvenience. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28008
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28008
    title Ubuntu 6.06 LTS / 6.10 : postgresql-8.1 regression (USN-417-2)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0064.NASL
    description Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555). A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute a SQL command which could crash the PostgreSQL server. (CVE-2006-5540) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24290
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24290
    title CentOS 3 / 4 : postgresql (CESA-2007:0064)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0064.NASL
    description From Red Hat Security Advisory 2007:0064 : Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555). A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute a SQL command which could crash the PostgreSQL server. (CVE-2006-5540) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67447
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67447
    title Oracle Linux 3 / 4 : postgresql (ELSA-2007-0064)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-3244.NASL
    description This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. (CVE-2007-0555 / CVE-2007-0556)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29558
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29558
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 3244)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200703-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200703-15 (PostgreSQL: Multiple vulnerabilities) PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Impact : A remote authenticated attacker could send specially crafted queries to the server that could result in a server crash and possibly the unauthorized reading of some database content or arbitrary memory. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 24840
    published 2007-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24840
    title GLSA-200703-15 : PostgreSQL: Multiple vulnerabilities
oval via4
accepted 2013-04-29T04:21:45.588-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
family unix
id oval:org.mitre.oval:def:9739
status accepted
submitted 2010-07-09T03:56:16-04:00
title PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
version 24
redhat via4
advisories
  • bugzilla
    id 225493
    title CVE-2007-0555 PostgreSQL arbitrary memory read flaw
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment rh-postgresql is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064002
          • comment rh-postgresql is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064003
        • AND
          • comment rh-postgresql-contrib is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064016
          • comment rh-postgresql-contrib is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064017
        • AND
          • comment rh-postgresql-devel is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064012
          • comment rh-postgresql-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064013
        • AND
          • comment rh-postgresql-docs is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064008
          • comment rh-postgresql-docs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064009
        • AND
          • comment rh-postgresql-jdbc is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064004
          • comment rh-postgresql-jdbc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064005
        • AND
          • comment rh-postgresql-libs is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064010
          • comment rh-postgresql-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064011
        • AND
          • comment rh-postgresql-pl is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064014
          • comment rh-postgresql-pl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064015
        • AND
          • comment rh-postgresql-python is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064018
          • comment rh-postgresql-python is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064019
        • AND
          • comment rh-postgresql-server is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064020
          • comment rh-postgresql-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064021
        • AND
          • comment rh-postgresql-tcl is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064022
          • comment rh-postgresql-tcl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064023
        • AND
          • comment rh-postgresql-test is earlier than 0:7.3.18-1
            oval oval:com.redhat.rhsa:tst:20070064006
          • comment rh-postgresql-test is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064007
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment postgresql is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064025
          • comment postgresql is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064026
        • AND
          • comment postgresql-contrib is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064037
          • comment postgresql-contrib is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064038
        • AND
          • comment postgresql-devel is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064035
          • comment postgresql-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064036
        • AND
          • comment postgresql-docs is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064045
          • comment postgresql-docs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064046
        • AND
          • comment postgresql-jdbc is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064031
          • comment postgresql-jdbc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064032
        • AND
          • comment postgresql-libs is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064029
          • comment postgresql-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064030
        • AND
          • comment postgresql-pl is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064027
          • comment postgresql-pl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064028
        • AND
          • comment postgresql-python is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064043
          • comment postgresql-python is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064044
        • AND
          • comment postgresql-server is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064033
          • comment postgresql-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064034
        • AND
          • comment postgresql-tcl is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064039
          • comment postgresql-tcl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064040
        • AND
          • comment postgresql-test is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064041
          • comment postgresql-test is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064042
    rhsa
    id RHSA-2007:0064
    released 2007-02-07
    severity Moderate
    title RHSA-2007:0064: postgresql security update (Moderate)
  • rhsa
    id RHSA-2007:0067
  • rhsa
    id RHSA-2007:0068
rpms
  • rh-postgresql-0:7.3.18-1
  • rh-postgresql-contrib-0:7.3.18-1
  • rh-postgresql-devel-0:7.3.18-1
  • rh-postgresql-docs-0:7.3.18-1
  • rh-postgresql-jdbc-0:7.3.18-1
  • rh-postgresql-libs-0:7.3.18-1
  • rh-postgresql-pl-0:7.3.18-1
  • rh-postgresql-python-0:7.3.18-1
  • rh-postgresql-server-0:7.3.18-1
  • rh-postgresql-tcl-0:7.3.18-1
  • rh-postgresql-test-0:7.3.18-1
  • postgresql-0:7.4.16-1.RHEL4.1
  • postgresql-contrib-0:7.4.16-1.RHEL4.1
  • postgresql-devel-0:7.4.16-1.RHEL4.1
  • postgresql-docs-0:7.4.16-1.RHEL4.1
  • postgresql-libs-0:7.4.16-1.RHEL4.1
  • postgresql-pl-0:7.4.16-1.RHEL4.1
  • postgresql-python-0:7.4.16-1.RHEL4.1
  • postgresql-server-0:7.4.16-1.RHEL4.1
  • postgresql-tcl-0:7.4.16-1.RHEL4.1
  • postgresql-test-0:7.4.16-1.RHEL4.1
  • postgresql-0:8.1.8-1.el5
  • postgresql-contrib-0:8.1.8-1.el5
  • postgresql-devel-0:8.1.8-1.el5
  • postgresql-docs-0:8.1.8-1.el5
  • postgresql-libs-0:8.1.8-1.el5
  • postgresql-pl-0:8.1.8-1.el5
  • postgresql-python-0:8.1.8-1.el5
  • postgresql-server-0:8.1.8-1.el5
  • postgresql-tcl-0:8.1.8-1.el5
  • postgresql-test-0:8.1.8-1.el5
refmap via4
bid 22387
bugtraq
  • 20070206 rPSA-2007-0025-1 postgresql postgresql-server
  • 20070208 rPSA-2007-0025-2 postgresql postgresql-server
confirm
debian DSA-1261
fedora FEDORA-2007-198
gentoo GLSA-200703-15
mandriva MDKSA-2007:037
mlist [security-announce] 20070206 rPSA-2007-0025-1 postgresql postgresql-server
osvdb 33087
sectrack 1017597
secunia
  • 24028
  • 24033
  • 24042
  • 24050
  • 24057
  • 24094
  • 24151
  • 24158
  • 24284
  • 24315
  • 24513
  • 24577
  • 25220
sgi 20070201-01-P
sunalert 102825
suse SUSE-SR:2007:010
trustix 2007-0007
ubuntu
  • USN-417-1
  • USN-417-2
vupen
  • ADV-2007-0478
  • ADV-2007-0774
xf postgresql-sqlfunctions-info-disclosure(32195)
Last major update 07-03-2011 - 21:50
Published 05-02-2007 - 20:28
Last modified 16-10-2018 - 12:33