ID CVE-2007-4769
Summary The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
References
Vulnerable Configurations
  • PostgreSQL 7.3
    cpe:2.3:a:postgresql:postgresql:7.3
  • PostgreSQL 7.3.1
    cpe:2.3:a:postgresql:postgresql:7.3.1
  • PostgreSQL 7.3.2
    cpe:2.3:a:postgresql:postgresql:7.3.2
  • PostgreSQL 7.3.3
    cpe:2.3:a:postgresql:postgresql:7.3.3
  • PostgreSQL 7.3.4
    cpe:2.3:a:postgresql:postgresql:7.3.4
  • PostgreSQL 7.3.6
    cpe:2.3:a:postgresql:postgresql:7.3.6
  • PostgreSQL 7.3.8
    cpe:2.3:a:postgresql:postgresql:7.3.8
  • PostgreSQL 7.3.9
    cpe:2.3:a:postgresql:postgresql:7.3.9
  • PostgreSQL 7.3.10
    cpe:2.3:a:postgresql:postgresql:7.3.10
  • PostgreSQL 7.3.11
    cpe:2.3:a:postgresql:postgresql:7.3.11
  • PostgreSQL 7.3.12
    cpe:2.3:a:postgresql:postgresql:7.3.12
  • PostgreSQL 7.3.13
    cpe:2.3:a:postgresql:postgresql:7.3.13
  • PostgreSQL 7.3.14
    cpe:2.3:a:postgresql:postgresql:7.3.14
  • PostgreSQL 7.3.15
    cpe:2.3:a:postgresql:postgresql:7.3.15
  • PostgreSQL 7.3.16
    cpe:2.3:a:postgresql:postgresql:7.3.16
  • PostgreSQL 7.3.19
    cpe:2.3:a:postgresql:postgresql:7.3.19
  • PostgreSQL PostgreSQL 7.4
    cpe:2.3:a:postgresql:postgresql:7.4
  • PostgreSQL PostgreSQL 7.4.1
    cpe:2.3:a:postgresql:postgresql:7.4.1
  • PostgreSQL PostgreSQL 7.4.2
    cpe:2.3:a:postgresql:postgresql:7.4.2
  • PostgreSQL PostgreSQL 7.4.3
    cpe:2.3:a:postgresql:postgresql:7.4.3
  • PostgreSQL PostgreSQL 7.4.4
    cpe:2.3:a:postgresql:postgresql:7.4.4
  • PostgreSQL PostgreSQL 7.4.5
    cpe:2.3:a:postgresql:postgresql:7.4.5
  • PostgreSQL PostgreSQL 7.4.6
    cpe:2.3:a:postgresql:postgresql:7.4.6
  • PostgreSQL PostgreSQL 7.4.7
    cpe:2.3:a:postgresql:postgresql:7.4.7
  • PostgreSQL PostgreSQL 7.4.8
    cpe:2.3:a:postgresql:postgresql:7.4.8
  • PostgreSQL PostgreSQL 7.4.9
    cpe:2.3:a:postgresql:postgresql:7.4.9
  • PostgreSQL PostgreSQL 7.4.10
    cpe:2.3:a:postgresql:postgresql:7.4.10
  • PostgreSQL PostgreSQL 7.4.11
    cpe:2.3:a:postgresql:postgresql:7.4.11
  • PostgreSQL PostgreSQL 7.4.12
    cpe:2.3:a:postgresql:postgresql:7.4.12
  • PostgreSQL PostgreSQL 7.4.13
    cpe:2.3:a:postgresql:postgresql:7.4.13
  • PostgreSQL PostgreSQL 7.4.14
    cpe:2.3:a:postgresql:postgresql:7.4.14
  • PostgreSQL PostgreSQL 7.4.16
    cpe:2.3:a:postgresql:postgresql:7.4.16
  • PostgreSQL PostgreSQL 7.4.17
    cpe:2.3:a:postgresql:postgresql:7.4.17
  • PostgreSQL 8.0
    cpe:2.3:a:postgresql:postgresql:8.0
  • PostgreSQL PostgreSQL 8.0.1
    cpe:2.3:a:postgresql:postgresql:8.0.1
  • PostgreSQL PostgreSQL 8.0.2
    cpe:2.3:a:postgresql:postgresql:8.0.2
  • PostgreSQL PostgreSQL 8.0.3
    cpe:2.3:a:postgresql:postgresql:8.0.3
  • PostgreSQL PostgreSQL 8.0.4
    cpe:2.3:a:postgresql:postgresql:8.0.4
  • PostgreSQL PostgreSQL 8.0.5
    cpe:2.3:a:postgresql:postgresql:8.0.5
  • PostgreSQL PostgreSQL 8.0.7
    cpe:2.3:a:postgresql:postgresql:8.0.7
  • PostgreSQL PostgreSQL 8.0.8
    cpe:2.3:a:postgresql:postgresql:8.0.8
  • PostgreSQL PostgreSQL 8.0.9
    cpe:2.3:a:postgresql:postgresql:8.0.9
  • PostgreSQL PostgreSQL 8.0.11
    cpe:2.3:a:postgresql:postgresql:8.0.11
  • PostgreSQL PostgreSQL 8.0.13
    cpe:2.3:a:postgresql:postgresql:8.0.13
  • cpe:2.3:a:postgresql:postgresql:8.0.317
    cpe:2.3:a:postgresql:postgresql:8.0.317
  • PostgreSQL 8.1.1
    cpe:2.3:a:postgresql:postgresql:8.1.1
  • PostgreSQL 8.1.3
    cpe:2.3:a:postgresql:postgresql:8.1.3
  • PostgreSQL 8.1.4
    cpe:2.3:a:postgresql:postgresql:8.1.4
  • PostgreSQL 8.1.5
    cpe:2.3:a:postgresql:postgresql:8.1.5
  • PostgreSQL 8.1.7
    cpe:2.3:a:postgresql:postgresql:8.1.7
  • PostgreSQL 8.1.8
    cpe:2.3:a:postgresql:postgresql:8.1.8
  • PostgreSQL 8.1.9
    cpe:2.3:a:postgresql:postgresql:8.1.9
  • PostgreSQL 8.2
    cpe:2.3:a:postgresql:postgresql:8.2
  • PostgreSQL 8.2.2
    cpe:2.3:a:postgresql:postgresql:8.2.2
  • PostgreSQL 8.2.3
    cpe:2.3:a:postgresql:postgresql:8.2.3
  • PostgreSQL 8.2.4
    cpe:2.3:a:postgresql:postgresql:8.2.4
  • cpe:2.3:a:tcl_tk:tcl_tk:8.4.16
    cpe:2.3:a:tcl_tk:tcl_tk:8.4.16
CVSS
Base: 6.8 (as of 10-01-2008 - 10:16)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-4958.NASL
    description This version update to 8.1.11 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 30198
    published 2008-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30198
    title openSUSE 10 Security Update : postgresql (postgresql-4958)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1463.NASL
    description Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 29968
    published 2008-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29968
    title Debian DSA-1463-1 : postgresql-7.4 - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-004.NASL
    description Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole. Updated packages fix these issues by upgrading to the latest maintenance versions of PostgreSQL.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 38083
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38083
    title Mandriva Linux Security Advisory : postgresql (MDVSA-2008:004)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-4955.NASL
    description This version update to 8.2.6 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30251
    published 2008-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30251
    title openSUSE 10 Security Update : postgresql (postgresql-4955)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080111_POSTGRESQL_ON_SL3_X.NASL
    description Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60343
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60343
    title Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-4962.NASL
    description This version update to 7.4.19 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772 / CVE-2007-6067 / CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30199
    published 2008-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30199
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 4962)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200801-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200801-15 (PostgreSQL: Multiple vulnerabilities) If using the 'expression indexes' feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the index functions (CVE-2007-6600). Additionally, several errors involving regular expressions were found (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067). Eventually, a privilege escalation vulnerability via unspecified vectors in the DBLink module was reported (CVE-2007-6601). This vulnerability is exploitable when local trust or ident authentication is used, and is due to an incomplete fix of CVE-2007-3278. Impact : A remote authenticated attacker could send specially crafted queries containing complex regular expressions to the server that could result in a Denial of Service by a server crash (CVE-2007-4769), an infinite loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two other vulnerabilities can be exploited to gain additional privileges. Workaround : There is no known workaround for all these issues at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 30120
    published 2008-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30120
    title GLSA-200801-15 : PostgreSQL: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0478.NASL
    description - Mon Jan 7 2008 Tom Lane 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29944
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29944
    title Fedora 8 : postgresql-8.2.6-1.fc8 (2008-0478)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0038.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29933
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29933
    title CentOS 4 / 5 : postgresql (CESA-2008:0038)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12065.NASL
    description This version update to 8.1.11 fixes among other things, several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41193
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41193
    title SuSE9 Security Update : postgresql (YOU Patch Number 12065)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-568-1.NASL
    description Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601) It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29978
    published 2008-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29978
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0038.NASL
    description From Red Hat Security Advisory 2008:0038 : Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67638
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67638
    title Oracle Linux 4 / 5 : postgresql (ELSA-2008-0038)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_51436B4C125011DDBAB70016179B2DD5.NASL
    description The PostgreSQL developers report : PostgreSQL allows users to create indexes on the results of user-defined functions, known as 'expression indexes'. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed. PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 32063
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32063
    title FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0552.NASL
    description - Mon Jan 7 2008 Tom Lane 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place - Thu Sep 20 2007 Tom Lane 8.2.5-1 - Update to PostgreSQL 8.2.5 and pgtcl 1.6.0 - Fix multilib problem for /usr/include/ecpg_config.h (which is new in 8.2.x) - Use tzdata package's data files instead of private copy, so that postgresql-server need not be turned for routine timezone updates - Don't remove postgres user/group during RPM uninstall, per Fedora packaging guidelines - Recent perl changes in rawhide mean we need a more specific BuildRequires - Wed Jun 20 2007 Tom Lane 8.2.4-2 - Fix oversight in postgresql-test makefile: pg_regress isn't a shell script anymore. Per upstream bug 3398. - Tue Apr 24 2007 Tom Lane 8.2.4-1 - Update to PostgreSQL 8.2.4 for CVE-2007-2138, data loss bugs Resolves: #237682 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29948
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29948
    title Fedora 7 : postgresql-8.2.6-1.fc7 (2008-0552)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0038.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 29955
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29955
    title RHEL 4 / 5 : postgresql (RHSA-2008:0038)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1460.NASL
    description Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 29937
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29937
    title Debian DSA-1460-1 : postgresql-8.1 - several vulnerabilities
oval via4
accepted 2013-04-29T04:22:23.332-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
family unix
id oval:org.mitre.oval:def:9804
status accepted
submitted 2010-07-09T03:56:16-04:00
title The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0038
  • rhsa
    id RHSA-2008:0040
rpms
  • postgresql-0:7.4.19-1.el4_6.1
  • postgresql-contrib-0:7.4.19-1.el4_6.1
  • postgresql-devel-0:7.4.19-1.el4_6.1
  • postgresql-docs-0:7.4.19-1.el4_6.1
  • postgresql-jdbc-0:7.4.19-1.el4_6.1
  • postgresql-libs-0:7.4.19-1.el4_6.1
  • postgresql-pl-0:7.4.19-1.el4_6.1
  • postgresql-python-0:7.4.19-1.el4_6.1
  • postgresql-server-0:7.4.19-1.el4_6.1
  • postgresql-tcl-0:7.4.19-1.el4_6.1
  • postgresql-test-0:7.4.19-1.el4_6.1
  • postgresql-0:8.1.11-1.el5_1.1
  • postgresql-contrib-0:8.1.11-1.el5_1.1
  • postgresql-devel-0:8.1.11-1.el5_1.1
  • postgresql-docs-0:8.1.11-1.el5_1.1
  • postgresql-libs-0:8.1.11-1.el5_1.1
  • postgresql-pl-0:8.1.11-1.el5_1.1
  • postgresql-python-0:8.1.11-1.el5_1.1
  • postgresql-server-0:8.1.11-1.el5_1.1
  • postgresql-tcl-0:8.1.11-1.el5_1.1
  • postgresql-test-0:8.1.11-1.el5_1.1
refmap via4
bid 27163
bugtraq
  • 20080107 PostgreSQL 2007-01-07 Cumulative Security Release
  • 20080115 rPSA-2008-0016-1 postgresql postgresql-server
confirm
debian
  • DSA-1460
  • DSA-1463
fedora
  • FEDORA-2008-0478
  • FEDORA-2008-0552
gentoo GLSA-200801-15
hp
  • HPSBTU02325
  • SSRT080006
mandriva MDVSA-2008:004
sectrack 1019157
secunia
  • 28359
  • 28376
  • 28437
  • 28438
  • 28454
  • 28455
  • 28464
  • 28477
  • 28479
  • 28679
  • 28698
  • 29638
sunalert
  • 103197
  • 200559
suse SUSE-SA:2008:005
ubuntu USN-568-1
vupen
  • ADV-2008-0061
  • ADV-2008-0109
  • ADV-2008-1071
xf postgresql-backref-dos(39499)
Last major update 10-08-2011 - 00:00
Published 09-01-2008 - 16:46
Last modified 15-10-2018 - 17:37
Back to Top