ID CVE-2007-0555
Summary PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 19-01-2023 - 20:10)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:N/A:C
oval via4
accepted 2013-04-29T04:21:45.588-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
family unix
id oval:org.mitre.oval:def:9739
status accepted
submitted 2010-07-09T03:56:16-04:00
title PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
version 30
redhat via4
advisories
  • bugzilla
    id 1618367
    title CVE-2007-0555 security flaw
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment postgresql is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064001
          • comment postgresql is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526002
        • AND
          • comment postgresql-contrib is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064003
          • comment postgresql-contrib is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526004
        • AND
          • comment postgresql-devel is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064005
          • comment postgresql-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526006
        • AND
          • comment postgresql-docs is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064007
          • comment postgresql-docs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526008
        • AND
          • comment postgresql-jdbc is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064009
          • comment postgresql-jdbc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526010
        • AND
          • comment postgresql-libs is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064011
          • comment postgresql-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526012
        • AND
          • comment postgresql-pl is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064013
          • comment postgresql-pl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526014
        • AND
          • comment postgresql-python is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064015
          • comment postgresql-python is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526016
        • AND
          • comment postgresql-server is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064017
          • comment postgresql-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526018
        • AND
          • comment postgresql-tcl is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064019
          • comment postgresql-tcl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526020
        • AND
          • comment postgresql-test is earlier than 0:7.4.16-1.RHEL4.1
            oval oval:com.redhat.rhsa:tst:20070064021
          • comment postgresql-test is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060526022
    rhsa
    id RHSA-2007:0064
    released 2007-02-07
    severity Moderate
    title RHSA-2007:0064: postgresql security update (Moderate)
  • rhsa
    id RHSA-2007:0067
  • rhsa
    id RHSA-2007:0068
rpms
  • postgresql-0:7.4.16-1.RHEL4.1
  • postgresql-contrib-0:7.4.16-1.RHEL4.1
  • postgresql-debuginfo-0:7.4.16-1.RHEL4.1
  • postgresql-devel-0:7.4.16-1.RHEL4.1
  • postgresql-docs-0:7.4.16-1.RHEL4.1
  • postgresql-jdbc-0:7.4.16-1.RHEL4.1
  • postgresql-libs-0:7.4.16-1.RHEL4.1
  • postgresql-pl-0:7.4.16-1.RHEL4.1
  • postgresql-python-0:7.4.16-1.RHEL4.1
  • postgresql-server-0:7.4.16-1.RHEL4.1
  • postgresql-tcl-0:7.4.16-1.RHEL4.1
  • postgresql-test-0:7.4.16-1.RHEL4.1
  • rh-postgresql-0:7.3.18-1
  • rh-postgresql-contrib-0:7.3.18-1
  • rh-postgresql-debuginfo-0:7.3.18-1
  • rh-postgresql-devel-0:7.3.18-1
  • rh-postgresql-docs-0:7.3.18-1
  • rh-postgresql-jdbc-0:7.3.18-1
  • rh-postgresql-libs-0:7.3.18-1
  • rh-postgresql-pl-0:7.3.18-1
  • rh-postgresql-python-0:7.3.18-1
  • rh-postgresql-server-0:7.3.18-1
  • rh-postgresql-tcl-0:7.3.18-1
  • rh-postgresql-test-0:7.3.18-1
  • postgresql-0:8.1.7-3.el4s1.1
  • postgresql-contrib-0:8.1.7-3.el4s1.1
  • postgresql-debuginfo-0:8.1.7-3.el4s1.1
  • postgresql-devel-0:8.1.7-3.el4s1.1
  • postgresql-docs-0:8.1.7-3.el4s1.1
  • postgresql-libs-0:8.1.7-3.el4s1.1
  • postgresql-pl-0:8.1.7-3.el4s1.1
  • postgresql-python-0:8.1.7-3.el4s1.1
  • postgresql-server-0:8.1.7-3.el4s1.1
  • postgresql-tcl-0:8.1.7-3.el4s1.1
  • postgresql-test-0:8.1.7-3.el4s1.1
  • postgresql-0:8.1.8-1.el5
  • postgresql-contrib-0:8.1.8-1.el5
  • postgresql-debuginfo-0:8.1.8-1.el5
  • postgresql-devel-0:8.1.8-1.el5
  • postgresql-docs-0:8.1.8-1.el5
  • postgresql-libs-0:8.1.8-1.el5
  • postgresql-pl-0:8.1.8-1.el5
  • postgresql-python-0:8.1.8-1.el5
  • postgresql-server-0:8.1.8-1.el5
  • postgresql-tcl-0:8.1.8-1.el5
  • postgresql-test-0:8.1.8-1.el5
refmap via4
bid 22387
bugtraq
  • 20070206 rPSA-2007-0025-1 postgresql postgresql-server
  • 20070208 rPSA-2007-0025-2 postgresql postgresql-server
confirm
debian DSA-1261
fedora FEDORA-2007-198
gentoo GLSA-200703-15
mandriva MDKSA-2007:037
mlist [security-announce] 20070206 rPSA-2007-0025-1 postgresql postgresql-server
osvdb 33087
sectrack 1017597
secunia
  • 24028
  • 24033
  • 24042
  • 24050
  • 24057
  • 24094
  • 24151
  • 24158
  • 24284
  • 24315
  • 24513
  • 24577
  • 25220
sgi 20070201-01-P
sunalert 102825
suse SUSE-SR:2007:010
trustix 2007-0007
ubuntu
  • USN-417-1
  • USN-417-2
vupen
  • ADV-2007-0478
  • ADV-2007-0774
xf postgresql-sqlfunctions-info-disclosure(32195)
Last major update 19-01-2023 - 20:10
Published 06-02-2007 - 01:28
Last modified 19-01-2023 - 20:10
Back to Top