ID CVE-2010-0442
Summary The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
References
Vulnerable Configurations
  • PostgreSQL 8.1.11
    cpe:2.3:a:postgresql:postgresql:8.1.11
  • PostgreSQL 8.3.8
    cpe:2.3:a:postgresql:postgresql:8.3.8
  • PostgreSQL PostgreSQL 8.0.23
    cpe:2.3:a:postgresql:postgresql:8.0.23
CVSS
Base: 6.5 (as of 03-02-2010 - 14:03)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability. CVE-2010-0442. Dos exploit for linux platform
id EDB-ID:33571
last seen 2016-02-03
modified 2010-01-27
published 2010-01-27
reporter Intevydis
source https://www.exploit-db.com/download/33571/
title PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-22 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the 'intarray' module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56626
    published 2011-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56626
    title GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E050119B385611DFB2B2002170DAAE37.NASL
    description BugTraq reports : PostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 45348
    published 2010-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45348
    title FreeBSD : postgresql -- bitsubstr overflow (e050119b-3856-11df-b2b2-002170daae37)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-933-1.NASL
    description It was discovered that PostgreSQL did not properly sanitize its input when using substring() with a SELECT statement. A remote authenticated attacker could exploit this to cause a denial of service via application crash. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46179
    published 2010-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46179
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability (USN-933-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100519_POSTGRESQL_ON_SL3_X.NASL
    description PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60795
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60795
    title Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0427.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Running PostgreSQL instances must be restarted ('service rhdb restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46681
    published 2010-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46681
    title RHEL 3 : postgresql (RHSA-2010:0427)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2051.NASL
    description Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1169 Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. - CVE-2010-1170 Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. - CVE-2010-1975 It was discovered that an unprivileged user could reset superuser-only parameter settings.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46710
    published 2010-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46710
    title Debian DSA-2051-1 : postgresql-8.3 - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0429.NASL
    description From Red Hat Security Advisory 2010:0429 : Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 8.1.21. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68044
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68044
    title Oracle Linux 5 : postgresql (ELSA-2010-0429)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0427.NASL
    description From Red Hat Security Advisory 2010:0427 : Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Running PostgreSQL instances must be restarted ('service rhdb restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68042
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68042
    title Oracle Linux 3 : postgresql (ELSA-2010-0427)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0428.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 7.4.29. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46696
    published 2010-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46696
    title CentOS 4 : postgresql (CESA-2010:0428)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0427.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Running PostgreSQL instances must be restarted ('service rhdb restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46695
    published 2010-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46695
    title CentOS 3 : postgresql (CESA-2010:0427)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-103.NASL
    description Multiple vulnerabilities was discovered and corrected in postgresql : The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an overflow. (CVE-2010-0442). A flaw was found in the way the PostgreSQL server process enforced permission checks on scripts written in PL/Perl. A remote, authenticated user, running a specially crafted PL/Perl script, could use this flaw to bypass PL/Perl trusted mode restrictions, allowing them to obtain sensitive information; execute arbitrary Perl scripts; or cause a denial of service (remove protected, sensitive data) (CVE-2010-1169). The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the table's ownership and permissions, which allows remote authenticated users, with database-creation privileges, to execute arbitrary Tcl code by creating this table and inserting a crafted Tcl script (CVE-2010-1170). PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement (CVE-2010-1975). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 This update provides a solution to these vulnerabilities.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 46690
    published 2010-05-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46690
    title Mandriva Linux Security Advisory : postgresql (MDVSA-2010:103)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0428.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 7.4.29. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46682
    published 2010-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46682
    title RHEL 4 : postgresql (RHSA-2010:0428)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0429.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 8.1.21. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 46761
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46761
    title CentOS 5 : postgresql (CESA-2010:0429)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0429.NASL
    description Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 8.1.21. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 46683
    published 2010-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46683
    title RHEL 5 : postgresql (RHSA-2010:0429)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0428.NASL
    description From Red Hat Security Advisory 2010:0428 : Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricted. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Perl. If the PL/Perl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Perl script could use this flaw to bypass intended PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl scripts with the privileges of the database server. (CVE-2010-1169) Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1169 flaw. A flaw was found in the way PostgreSQL enforced permission checks on scripts written in PL/Tcl. If the PL/Tcl procedural language was registered on a particular database, an authenticated database user running a specially crafted PL/Tcl script could use this flaw to bypass intended PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl scripts with the privileges of the database server. (CVE-2010-1170) A buffer overflow flaw was found in the way PostgreSQL retrieved a substring from the bit string for BIT() and BIT VARYING() SQL data types. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0442) An integer overflow flaw was found in the way PostgreSQL used to calculate the size of the hash table for joined relations. An authenticated database user could create a specially crafted SQL query which could cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-0733) PostgreSQL improperly protected session-local state during the execution of an index function by a database superuser during the database maintenance operations. An authenticated database user could use this flaw to elevate their privileges via specially crafted index functions. (CVE-2009-4136) These packages upgrade PostgreSQL to version 7.4.29. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68043
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68043
    title Oracle Linux 4 : postgresql (ELSA-2010-0428)
oval via4
accepted 2013-04-29T04:21:35.507-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
family unix
id oval:org.mitre.oval:def:9720
status accepted
submitted 2010-07-09T03:56:16-04:00
title The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2010:0427
  • rhsa
    id RHSA-2010:0428
  • rhsa
    id RHSA-2010:0429
rpms
  • rh-postgresql-0:7.3.21-3
  • rh-postgresql-contrib-0:7.3.21-3
  • rh-postgresql-devel-0:7.3.21-3
  • rh-postgresql-docs-0:7.3.21-3
  • rh-postgresql-jdbc-0:7.3.21-3
  • rh-postgresql-libs-0:7.3.21-3
  • rh-postgresql-pl-0:7.3.21-3
  • rh-postgresql-python-0:7.3.21-3
  • rh-postgresql-server-0:7.3.21-3
  • rh-postgresql-tcl-0:7.3.21-3
  • rh-postgresql-test-0:7.3.21-3
  • postgresql-0:7.4.29-1.el4_8.1
  • postgresql-contrib-0:7.4.29-1.el4_8.1
  • postgresql-devel-0:7.4.29-1.el4_8.1
  • postgresql-docs-0:7.4.29-1.el4_8.1
  • postgresql-jdbc-0:7.4.29-1.el4_8.1
  • postgresql-libs-0:7.4.29-1.el4_8.1
  • postgresql-pl-0:7.4.29-1.el4_8.1
  • postgresql-python-0:7.4.29-1.el4_8.1
  • postgresql-server-0:7.4.29-1.el4_8.1
  • postgresql-tcl-0:7.4.29-1.el4_8.1
  • postgresql-test-0:7.4.29-1.el4_8.1
  • postgresql-0:8.1.21-1.el5_5.1
  • postgresql-contrib-0:8.1.21-1.el5_5.1
  • postgresql-devel-0:8.1.21-1.el5_5.1
  • postgresql-docs-0:8.1.21-1.el5_5.1
  • postgresql-libs-0:8.1.21-1.el5_5.1
  • postgresql-pl-0:8.1.21-1.el5_5.1
  • postgresql-python-0:8.1.21-1.el5_5.1
  • postgresql-server-0:8.1.21-1.el5_5.1
  • postgresql-tcl-0:8.1.21-1.el5_5.1
  • postgresql-test-0:8.1.21-1.el5_5.1
refmap via4
bid 37973
confirm
debian DSA-2051
mandriva MDVSA-2010:103
misc
mlist
  • [oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow
  • [pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning
  • [pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values
sectrack 1023510
secunia
  • 39566
  • 39820
  • 39939
ubuntu USN-933-1
vupen
  • ADV-2010-1022
  • ADV-2010-1197
  • ADV-2010-1207
  • ADV-2010-1221
xf postgresql-substring-bo(55902)
Last major update 21-08-2010 - 01:39
Published 02-02-2010 - 13:30
Last modified 18-09-2017 - 21:30
Back to Top