ID CVE-2007-6601
Summary The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
References
Vulnerable Configurations
  • PostgreSQL 7.3
    cpe:2.3:a:postgresql:postgresql:7.3
  • PostgreSQL 7.3.1
    cpe:2.3:a:postgresql:postgresql:7.3.1
  • PostgreSQL 7.3.2
    cpe:2.3:a:postgresql:postgresql:7.3.2
  • PostgreSQL 7.3.3
    cpe:2.3:a:postgresql:postgresql:7.3.3
  • PostgreSQL 7.3.4
    cpe:2.3:a:postgresql:postgresql:7.3.4
  • PostgreSQL 7.3.6
    cpe:2.3:a:postgresql:postgresql:7.3.6
  • PostgreSQL 7.3.8
    cpe:2.3:a:postgresql:postgresql:7.3.8
  • PostgreSQL 7.3.9
    cpe:2.3:a:postgresql:postgresql:7.3.9
  • PostgreSQL 7.3.10
    cpe:2.3:a:postgresql:postgresql:7.3.10
  • PostgreSQL 7.3.11
    cpe:2.3:a:postgresql:postgresql:7.3.11
  • PostgreSQL 7.3.12
    cpe:2.3:a:postgresql:postgresql:7.3.12
  • PostgreSQL 7.3.13
    cpe:2.3:a:postgresql:postgresql:7.3.13
  • PostgreSQL 7.3.14
    cpe:2.3:a:postgresql:postgresql:7.3.14
  • PostgreSQL 7.3.15
    cpe:2.3:a:postgresql:postgresql:7.3.15
  • PostgreSQL 7.3.16
    cpe:2.3:a:postgresql:postgresql:7.3.16
  • PostgreSQL 7.3.19
    cpe:2.3:a:postgresql:postgresql:7.3.19
  • PostgreSQL PostgreSQL 7.4
    cpe:2.3:a:postgresql:postgresql:7.4
  • PostgreSQL PostgreSQL 7.4.1
    cpe:2.3:a:postgresql:postgresql:7.4.1
  • PostgreSQL PostgreSQL 7.4.2
    cpe:2.3:a:postgresql:postgresql:7.4.2
  • PostgreSQL PostgreSQL 7.4.3
    cpe:2.3:a:postgresql:postgresql:7.4.3
  • PostgreSQL PostgreSQL 7.4.4
    cpe:2.3:a:postgresql:postgresql:7.4.4
  • PostgreSQL PostgreSQL 7.4.5
    cpe:2.3:a:postgresql:postgresql:7.4.5
  • PostgreSQL PostgreSQL 7.4.6
    cpe:2.3:a:postgresql:postgresql:7.4.6
  • PostgreSQL PostgreSQL 7.4.7
    cpe:2.3:a:postgresql:postgresql:7.4.7
  • PostgreSQL PostgreSQL 7.4.8
    cpe:2.3:a:postgresql:postgresql:7.4.8
  • PostgreSQL PostgreSQL 7.4.9
    cpe:2.3:a:postgresql:postgresql:7.4.9
  • PostgreSQL PostgreSQL 7.4.10
    cpe:2.3:a:postgresql:postgresql:7.4.10
  • PostgreSQL PostgreSQL 7.4.11
    cpe:2.3:a:postgresql:postgresql:7.4.11
  • PostgreSQL PostgreSQL 7.4.12
    cpe:2.3:a:postgresql:postgresql:7.4.12
  • PostgreSQL PostgreSQL 7.4.13
    cpe:2.3:a:postgresql:postgresql:7.4.13
  • PostgreSQL PostgreSQL 7.4.14
    cpe:2.3:a:postgresql:postgresql:7.4.14
  • PostgreSQL PostgreSQL 7.4.16
    cpe:2.3:a:postgresql:postgresql:7.4.16
  • PostgreSQL PostgreSQL 7.4.17
    cpe:2.3:a:postgresql:postgresql:7.4.17
  • PostgreSQL 8.0
    cpe:2.3:a:postgresql:postgresql:8.0
  • PostgreSQL PostgreSQL 8.0.1
    cpe:2.3:a:postgresql:postgresql:8.0.1
  • PostgreSQL PostgreSQL 8.0.2
    cpe:2.3:a:postgresql:postgresql:8.0.2
  • PostgreSQL PostgreSQL 8.0.3
    cpe:2.3:a:postgresql:postgresql:8.0.3
  • PostgreSQL PostgreSQL 8.0.4
    cpe:2.3:a:postgresql:postgresql:8.0.4
  • PostgreSQL PostgreSQL 8.0.5
    cpe:2.3:a:postgresql:postgresql:8.0.5
  • PostgreSQL PostgreSQL 8.0.7
    cpe:2.3:a:postgresql:postgresql:8.0.7
  • PostgreSQL PostgreSQL 8.0.8
    cpe:2.3:a:postgresql:postgresql:8.0.8
  • PostgreSQL PostgreSQL 8.0.9
    cpe:2.3:a:postgresql:postgresql:8.0.9
  • PostgreSQL PostgreSQL 8.0.11
    cpe:2.3:a:postgresql:postgresql:8.0.11
  • PostgreSQL PostgreSQL 8.0.13
    cpe:2.3:a:postgresql:postgresql:8.0.13
  • cpe:2.3:a:postgresql:postgresql:8.0.317
    cpe:2.3:a:postgresql:postgresql:8.0.317
  • PostgreSQL 8.1.1
    cpe:2.3:a:postgresql:postgresql:8.1.1
  • PostgreSQL 8.1.3
    cpe:2.3:a:postgresql:postgresql:8.1.3
  • PostgreSQL 8.1.4
    cpe:2.3:a:postgresql:postgresql:8.1.4
  • PostgreSQL 8.1.5
    cpe:2.3:a:postgresql:postgresql:8.1.5
  • PostgreSQL 8.1.7
    cpe:2.3:a:postgresql:postgresql:8.1.7
  • PostgreSQL 8.1.8
    cpe:2.3:a:postgresql:postgresql:8.1.8
  • PostgreSQL 8.1.9
    cpe:2.3:a:postgresql:postgresql:8.1.9
  • PostgreSQL 8.2
    cpe:2.3:a:postgresql:postgresql:8.2
  • PostgreSQL 8.2.2
    cpe:2.3:a:postgresql:postgresql:8.2.2
  • PostgreSQL 8.2.3
    cpe:2.3:a:postgresql:postgresql:8.2.3
  • PostgreSQL 8.2.4
    cpe:2.3:a:postgresql:postgresql:8.2.4
CVSS
Base: 7.2 (as of 10-01-2008 - 10:42)
Impact:
Exploitability:
CWE CWE-287
CAPEC
  • Authentication Abuse
    An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Utilizing REST's Trust in the System Resource to Register Man in the Middle
    This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
  • Man in the Middle Attack
    This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0039.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.3.21 and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 29956
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29956
    title RHEL 3 : postgresql (RHSA-2008:0039)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0039.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.3.21 and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29934
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29934
    title CentOS 3 : postgresql (CESA-2008:0039)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0039.NASL
    description From Red Hat Security Advisory 2008:0039 : Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.3.21 and resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67639
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67639
    title Oracle Linux 3 : postgresql (ELSA-2008-0039)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1463.NASL
    description Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 29968
    published 2008-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29968
    title Debian DSA-1463-1 : postgresql-7.4 - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-004.NASL
    description Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole. Updated packages fix these issues by upgrading to the latest maintenance versions of PostgreSQL.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 38083
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38083
    title Mandriva Linux Security Advisory : postgresql (MDVSA-2008:004)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080111_POSTGRESQL_ON_SL3_X.NASL
    description Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60343
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60343
    title Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-4962.NASL
    description This version update to 7.4.19 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772 / CVE-2007-6067 / CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30199
    published 2008-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30199
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 4962)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200801-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200801-15 (PostgreSQL: Multiple vulnerabilities) If using the 'expression indexes' feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the index functions (CVE-2007-6600). Additionally, several errors involving regular expressions were found (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067). Eventually, a privilege escalation vulnerability via unspecified vectors in the DBLink module was reported (CVE-2007-6601). This vulnerability is exploitable when local trust or ident authentication is used, and is due to an incomplete fix of CVE-2007-3278. Impact : A remote authenticated attacker could send specially crafted queries containing complex regular expressions to the server that could result in a Denial of Service by a server crash (CVE-2007-4769), an infinite loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two other vulnerabilities can be exploited to gain additional privileges. Workaround : There is no known workaround for all these issues at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 30120
    published 2008-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30120
    title GLSA-200801-15 : PostgreSQL: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0478.NASL
    description - Mon Jan 7 2008 Tom Lane 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29944
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29944
    title Fedora 8 : postgresql-8.2.6-1.fc8 (2008-0478)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0038.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29933
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29933
    title CentOS 4 / 5 : postgresql (CESA-2008:0038)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12065.NASL
    description This version update to 8.1.11 fixes among other things, several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41193
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41193
    title SuSE9 Security Update : postgresql (YOU Patch Number 12065)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-568-1.NASL
    description Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601) It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29978
    published 2008-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29978
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0038.NASL
    description From Red Hat Security Advisory 2008:0038 : Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67638
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67638
    title Oracle Linux 4 / 5 : postgresql (ELSA-2008-0038)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_51436B4C125011DDBAB70016179B2DD5.NASL
    description The PostgreSQL developers report : PostgreSQL allows users to create indexes on the results of user-defined functions, known as 'expression indexes'. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed. PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 32063
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32063
    title FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0552.NASL
    description - Mon Jan 7 2008 Tom Lane 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place - Thu Sep 20 2007 Tom Lane 8.2.5-1 - Update to PostgreSQL 8.2.5 and pgtcl 1.6.0 - Fix multilib problem for /usr/include/ecpg_config.h (which is new in 8.2.x) - Use tzdata package's data files instead of private copy, so that postgresql-server need not be turned for routine timezone updates - Don't remove postgres user/group during RPM uninstall, per Fedora packaging guidelines - Recent perl changes in rawhide mean we need a more specific BuildRequires - Wed Jun 20 2007 Tom Lane 8.2.4-2 - Fix oversight in postgresql-test makefile: pg_regress isn't a shell script anymore. Per upstream bug 3398. - Tue Apr 24 2007 Tom Lane 8.2.4-1 - Update to PostgreSQL 8.2.4 for CVE-2007-2138, data loss bugs Resolves: #237682 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29948
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29948
    title Fedora 7 : postgresql-8.2.6-1.fc7 (2008-0552)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0038.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 29955
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29955
    title RHEL 4 / 5 : postgresql (RHSA-2008:0038)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1460.NASL
    description Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 29937
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29937
    title Debian DSA-1460-1 : postgresql-8.1 - several vulnerabilities
oval via4
accepted 2013-04-29T04:11:41.689-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
family unix
id oval:org.mitre.oval:def:11127
status accepted
submitted 2010-07-09T03:56:16-04:00
title The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
version 24
redhat via4
advisories
  • bugzilla
    id 427128
    title CVE-2007-6601 PostgreSQL privilege escalation via dblink
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment postgresql is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038002
          • comment postgresql is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064026
        • AND
          • comment postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038010
          • comment postgresql-contrib is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064038
        • AND
          • comment postgresql-devel is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038004
          • comment postgresql-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064036
        • AND
          • comment postgresql-docs is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038008
          • comment postgresql-docs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064046
        • AND
          • comment postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038014
          • comment postgresql-jdbc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064032
        • AND
          • comment postgresql-libs is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038020
          • comment postgresql-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064030
        • AND
          • comment postgresql-pl is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038006
          • comment postgresql-pl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064028
        • AND
          • comment postgresql-python is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038016
          • comment postgresql-python is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064044
        • AND
          • comment postgresql-server is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038012
          • comment postgresql-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064034
        • AND
          • comment postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038022
          • comment postgresql-tcl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064040
        • AND
          • comment postgresql-test is earlier than 0:7.4.19-1.el4_6.1
            oval oval:com.redhat.rhsa:tst:20080038018
          • comment postgresql-test is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064042
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment postgresql is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038025
          • comment postgresql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068003
        • AND
          • comment postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038043
          • comment postgresql-contrib is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068013
        • AND
          • comment postgresql-devel is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038027
          • comment postgresql-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068009
        • AND
          • comment postgresql-docs is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038041
          • comment postgresql-docs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068005
        • AND
          • comment postgresql-libs is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038031
          • comment postgresql-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068011
        • AND
          • comment postgresql-pl is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038037
          • comment postgresql-pl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068017
        • AND
          • comment postgresql-python is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038033
          • comment postgresql-python is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068015
        • AND
          • comment postgresql-server is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038029
          • comment postgresql-server is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068019
        • AND
          • comment postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038035
          • comment postgresql-tcl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068007
        • AND
          • comment postgresql-test is earlier than 0:8.1.11-1.el5_1.1
            oval oval:com.redhat.rhsa:tst:20080038039
          • comment postgresql-test is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068021
    rhsa
    id RHSA-2008:0038
    released 2008-01-11
    severity Moderate
    title RHSA-2008:0038: postgresql security update (Moderate)
  • bugzilla
    id 427128
    title CVE-2007-6601 PostgreSQL privilege escalation via dblink
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment rh-postgresql is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039002
        • comment rh-postgresql is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064003
      • AND
        • comment rh-postgresql-contrib is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039010
        • comment rh-postgresql-contrib is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064017
      • AND
        • comment rh-postgresql-devel is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039016
        • comment rh-postgresql-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064013
      • AND
        • comment rh-postgresql-docs is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039018
        • comment rh-postgresql-docs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064009
      • AND
        • comment rh-postgresql-jdbc is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039004
        • comment rh-postgresql-jdbc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064005
      • AND
        • comment rh-postgresql-libs is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039022
        • comment rh-postgresql-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064011
      • AND
        • comment rh-postgresql-pl is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039014
        • comment rh-postgresql-pl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064015
      • AND
        • comment rh-postgresql-python is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039006
        • comment rh-postgresql-python is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064019
      • AND
        • comment rh-postgresql-server is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039008
        • comment rh-postgresql-server is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064021
      • AND
        • comment rh-postgresql-tcl is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039020
        • comment rh-postgresql-tcl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064023
      • AND
        • comment rh-postgresql-test is earlier than 0:7.3.21-1
          oval oval:com.redhat.rhsa:tst:20080039012
        • comment rh-postgresql-test is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070064007
    rhsa
    id RHSA-2008:0039
    released 2008-01-11
    severity Moderate
    title RHSA-2008:0039: postgresql security update (Moderate)
  • rhsa
    id RHSA-2008:0040
rpms
  • postgresql-0:7.4.19-1.el4_6.1
  • postgresql-contrib-0:7.4.19-1.el4_6.1
  • postgresql-devel-0:7.4.19-1.el4_6.1
  • postgresql-docs-0:7.4.19-1.el4_6.1
  • postgresql-jdbc-0:7.4.19-1.el4_6.1
  • postgresql-libs-0:7.4.19-1.el4_6.1
  • postgresql-pl-0:7.4.19-1.el4_6.1
  • postgresql-python-0:7.4.19-1.el4_6.1
  • postgresql-server-0:7.4.19-1.el4_6.1
  • postgresql-tcl-0:7.4.19-1.el4_6.1
  • postgresql-test-0:7.4.19-1.el4_6.1
  • postgresql-0:8.1.11-1.el5_1.1
  • postgresql-contrib-0:8.1.11-1.el5_1.1
  • postgresql-devel-0:8.1.11-1.el5_1.1
  • postgresql-docs-0:8.1.11-1.el5_1.1
  • postgresql-libs-0:8.1.11-1.el5_1.1
  • postgresql-pl-0:8.1.11-1.el5_1.1
  • postgresql-python-0:8.1.11-1.el5_1.1
  • postgresql-server-0:8.1.11-1.el5_1.1
  • postgresql-tcl-0:8.1.11-1.el5_1.1
  • postgresql-test-0:8.1.11-1.el5_1.1
  • rh-postgresql-0:7.3.21-1
  • rh-postgresql-contrib-0:7.3.21-1
  • rh-postgresql-devel-0:7.3.21-1
  • rh-postgresql-docs-0:7.3.21-1
  • rh-postgresql-jdbc-0:7.3.21-1
  • rh-postgresql-libs-0:7.3.21-1
  • rh-postgresql-pl-0:7.3.21-1
  • rh-postgresql-python-0:7.3.21-1
  • rh-postgresql-server-0:7.3.21-1
  • rh-postgresql-tcl-0:7.3.21-1
  • rh-postgresql-test-0:7.3.21-1
refmap via4
bid 27163
bugtraq
  • 20080107 PostgreSQL 2007-01-07 Cumulative Security Release
  • 20080115 rPSA-2008-0016-1 postgresql postgresql-server
confirm
debian
  • DSA-1460
  • DSA-1463
fedora
  • FEDORA-2008-0478
  • FEDORA-2008-0552
gentoo GLSA-200801-15
hp
  • HPSBTU02325
  • SSRT080006
mandriva MDVSA-2008:004
sectrack 1019157
secunia
  • 28359
  • 28376
  • 28437
  • 28438
  • 28445
  • 28454
  • 28455
  • 28464
  • 28477
  • 28479
  • 28679
  • 28698
  • 29638
sunalert
  • 103197
  • 200559
suse SUSE-SA:2008:005
ubuntu USN-568-1
vupen
  • ADV-2008-0061
  • ADV-2008-0109
  • ADV-2008-1071
xf postgresql-dblink-privilege-escalation(39500)
Last major update 07-03-2011 - 22:03
Published 09-01-2008 - 16:46
Last modified 15-10-2018 - 17:55
Back to Top