ID CVE-2007-4772
Summary The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
References
Vulnerable Configurations
  • Debian Debian Linux 3.1
    cpe:2.3:o:debian:debian_linux:3.1
  • Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:6.06:-:-:-:lts
  • Canonical Ubuntu Linux 6.10
    cpe:2.3:o:canonical:ubuntu_linux:6.10
  • Canonical Ubuntu Linux 7.04
    cpe:2.3:o:canonical:ubuntu_linux:7.04
  • Canonical Ubuntu Linux 7.10
    cpe:2.3:o:canonical:ubuntu_linux:7.10
CVSS
Base: 4.0 (as of 10-01-2008 - 10:20)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0677-1.NASL
    description This update for postgresql94 fixes the following issues : - Security and bugfix release 9.4.6 : - *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). - Fix many issues in pg_dump with specific object types - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS - Fix deparsing error with ON CONFLICT ... WHERE clauses - Fix tableoid errors for postgres_fdw - Prevent floating-point exceptions in pgbench - Make \det search Foreign Table names consistently - Fix quoting of domain constraint names in pg_dump - Prevent putting expanded objects into Const nodes - Allow compile of PL/Java on Windows - Fix 'unresolved symbol' errors in PL/Python execution - Allow Python2 and Python3 to be used in the same database - Add support for Python 3.5 in PL/Python - Fix issue with subdirectory creation during initdb - Make pg_ctl report status correctly on Windows - Suppress confusing error when using pg_receivexlog with older servers - Multiple documentation corrections and additions - Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6. html - Security and bugfix release 9.4.5 : - CVE-2015-5289, bsc#949670: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service. - CVE-2015-5288, bsc#949669: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed. - For the full release notse, see: http://www.postgresql.org/docs/current/static/release-9- 4-5.html - Relax dependency on libpq to major version. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 89730
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89730
    title SUSE SLED11 / SLES11 Security Update : postgresql94 (SUSE-SU-2016:0677-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0122.NASL
    description Updated tcl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug : * Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961) All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63567
    published 2013-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63567
    title CentOS 5 : tcl (CESA-2013:0122)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0122.NASL
    description Updated tcl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug : * Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961) All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63405
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63405
    title RHEL 5 : tcl (RHSA-2013:0122)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-4958.NASL
    description This version update to 8.1.11 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 30198
    published 2008-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30198
    title openSUSE 10 Security Update : postgresql (postgresql-4958)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130108_TCL_ON_SL5_X.NASL
    description Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug : - Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 63605
    published 2013-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63605
    title Scientific Linux Security Update : tcl on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-271.NASL
    description This update for postgresql94 fixes the following issues : - Security and bugfix release 9.4.6 : - *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). - Fix many issues in pg_dump with specific object types - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS - Fix deparsing error with ON CONFLICT ... WHERE clauses - Fix tableoid errors for postgres_fdw - Prevent floating-point exceptions in pgbench - Make \det search Foreign Table names consistently - Fix quoting of domain constraint names in pg_dump - Prevent putting expanded objects into Const nodes - Allow compile of PL/Java on Windows - Fix 'unresolved symbol' errors in PL/Python execution - Allow Python2 and Python3 to be used in the same database - Add support for Python 3.5 in PL/Python - Fix issue with subdirectory creation during initdb - Make pg_ctl report status correctly on Windows - Suppress confusing error when using pg_receivexlog with older servers - Multiple documentation corrections and additions - Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6. html - PL/Perl still needs to be linked with rpath, so that it can find libperl.so at runtime. bsc#578053, postgresql-plperl-keep-rpath.patch This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 88980
    published 2016-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88980
    title openSUSE Security Update : postgresql94 (openSUSE-2016-271)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0122.NASL
    description From Red Hat Security Advisory 2013:0122 : Updated tcl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug : * Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961) All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68693
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68693
    title Oracle Linux 5 : tcl (ELSA-2013-0122)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1463.NASL
    description Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 29968
    published 2008-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29968
    title Debian DSA-1463-1 : postgresql-7.4 - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-004.NASL
    description Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole. Updated packages fix these issues by upgrading to the latest maintenance versions of PostgreSQL.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 38083
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38083
    title Mandriva Linux Security Advisory : postgresql (MDVSA-2008:004)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0009.NASL
    description a. VMware Tools Local Privilege Escalation on Windows-based guest OS The VMware Tools Package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. It doesn't matter on what host the Windows guest OS is running, as this is a guest driver vulnerability and not a vulnerability on the host. The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded. Even if the host has HGFS disabled and has no shared folders, Windows-based guests may be affected. This is regardless if a host supports HGFS. This issue could be mitigated by removing the VMware Tools package from Windows based guests. However this is not recommended as it would impact usability of the product. NOTE: Installing the new hosted release or ESX patches will not remediate the issue. The VMware Tools packages will need to be updated on each Windows-based guest followed by a reboot of the guest system. VMware would like to thank iDefense and Stephen Fewer of Harmony Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5671 to this issue. b. Privilege escalation on ESX or Linux based hosted operating systems This update fixes a security issue related to local exploitation of an untrusted library path vulnerability in vmware-authd. In order to exploit this vulnerability, an attacker must have local access and the ability to execute the set-uid vmware-authd binary on an affected system. Exploitation of this flaw might result in arbitrary code execution on the Linux host system by an unprivileged user. VMware would like to thank iDefense for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0967 to this issue. c. Openwsman Invalid Content-Length Vulnerability Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). It is installed and running by default. It is used in the VMware Management Service Console and in ESXi. The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable to a privilege escalation vulnerability, which may allow users with non-privileged ESX or Virtual Center accounts to gain root privileges. To exploit this vulnerability, an attacker would need a local ESX account or a VirtualCenter account with the Host.Cim.CimInteraction permission. Systems with no local ESX accounts and no VirtualCenter accounts with the Host.Cim.CimInteraction permission are not vulnerable. This vulnerability cannot be exploited by users without valid login credentials. Discovery: Alexander Sotirov, VMware Security Research The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2097 to this issue. d. VMware VIX Application Programming Interface (API) Memory Overflow Vulnerabilities The VIX API (also known as 'Vix') is an API that lets users write scripts and programs to manipulate virtual machines. Multiple buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in a privilege escalation on the host system. This exploit scenario is relevant for all affected products. On VC, ESX30x, and ESX35, users need to have the VM Interaction Privilege in order to exploit the vulnerability. Exploitation of these vulnerabilities might also result in code execution on the host system from the guest system or on the service console in ESX Server from the guest operating system. This exploit scenario is relevant for Workstation 6.0.x (version 6.0.3 and below), Player 2.0.x (version 2.0.3 and below), ACE 2.0.x (version 2.0.3 and below), Server 1.0.x (version 1.0.5 and below), and ESX3.5. The parameter 'vix.inGuest.enable' in the VMware configuration file must be set to true to allow for exploitation on these products. Note that the parameter 'vix-inGuest.enable' is set to false by default. The parameter 'vix.inGuest.enable' is present in the following products : VMware Workstation 6.0.2 and higher VMware ACE 6.0.2 and higher VMware Server 1.06 and higher VMware Fusion 1.1.2 and higher ESX Server 3.0 and higher ESX Server 3.5 and higher In previous versions of VMware products where the VIX API was introduced, the VIX API couldn't be disabled. This vulnerability is present in ESX and the hosted products even if you have not installed the VIX API. To patch your system you will need to update to the new hosted product version or to apply the appropriate ESX patch. It is not necessary to update the VIX API if you have installed the VIX API. VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue. II Service Console rpm updates NOTE: ESXi and hosted products are not affected by any service console security updates a. Security update for cyrus-sasl Updated cyrus-sasl package for the ESX Service Console corrects a security issue found in the DIGEST-MD5 authentication mechanism of Cyrus' implementation of Simple Authentication and Security Layer (SASL). As a result of this issue in the authentication mechanism, a remote unauthenticated attacker might be able to cause a denial of service error on the service console. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-1721 to this issue. b. Security update for tcltk An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0553 to this issue. A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5378 to this issue. A flaw first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4772 to this issue. c. Security update for unzip This patch includes a moderate security update to the service console that fixes a flaw in unzip. An attacker could execute malicious code with a user's privileges if the user ran unzip on a file designed to leverage this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0888 to this issue. d. Security update for krb5 KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0062 to this issue. NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue. The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka 'Uninitialized stack values.' The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0063 to this issue. NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue. Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0948 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40378
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40378
    title VMSA-2008-0009 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0134.NASL
    description From Red Hat Security Advisory 2008:0134 : Updated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use with Tk, a widget set. An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553) A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378) A flaw in the Tcl regular expression handling engine was discovered by Will Drewry. This flaw, first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. (CVE-2007-4772) All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67653
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67653
    title Oracle Linux 3 : tcltk (ELSA-2008-0134)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-4955.NASL
    description This version update to 8.2.6 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30251
    published 2008-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30251
    title openSUSE 10 Security Update : postgresql (postgresql-4955)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080111_POSTGRESQL_ON_SL3_X.NASL
    description Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60343
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60343
    title Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-253.NASL
    description This update for postgresql93 fixes the following issues : - Security and bugfix release 9.3.11 : - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, boo#966436). - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, boo#966435). - Fix many issues in pg_dump with specific object types - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS - Fix deparsing error with ON CONFLICT ... WHERE clauses - Fix tableoid errors for postgres_fdw - Prevent floating-point exceptions in pgbench - Make \det search Foreign Table names consistently - Fix quoting of domain constraint names in pg_dump - Prevent putting expanded objects into Const nodes - Allow compile of PL/Java on Windows - Fix 'unresolved symbol' errors in PL/Python execution - Allow Python2 and Python3 to be used in the same database - Add support for Python 3.5 in PL/Python - Fix issue with subdirectory creation during initdb - Make pg_ctl report status correctly on Windows - Suppress confusing error when using pg_receivexlog with older servers - Multiple documentation corrections and additions - Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.3/static/release-9-3-11 .html
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 88926
    published 2016-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88926
    title openSUSE Security Update : postgresql93 (openSUSE-2016-253)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-059.NASL
    description A flaw in the Tcl regular expression handling engine was originally discovered by Will Drewry in the PostgreSQL database server's Tcl regular expression engine. This flaw can result in an infinite loop when processing certain regular expressions. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36516
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36516
    title Mandriva Linux Security Advisory : tcl (MDVSA-2008:059)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0134.NASL
    description Updated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use with Tk, a widget set. An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553) A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378) A flaw in the Tcl regular expression handling engine was discovered by Will Drewry. This flaw, first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. (CVE-2007-4772) All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31139
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31139
    title CentOS 3 : tcltk (CESA-2008:0134)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080221_TCLTK_ON_SL3_X.NASL
    description An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553) A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378) A flaw in the Tcl regular expression handling engine was discovered by Will Drewry. This flaw, first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. (CVE-2007-4772)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60362
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60362
    title Scientific Linux Security Update : tcltk on SL3.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0134.NASL
    description Updated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use with Tk, a widget set. An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. (CVE-2008-0553) A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. (CVE-2007-5378) A flaw in the Tcl regular expression handling engine was discovered by Will Drewry. This flaw, first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. (CVE-2007-4772) All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 31160
    published 2008-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31160
    title RHEL 2.1 / 3 : tcltk (RHSA-2008:0134)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0539-1.NASL
    description This update for postgresql93 fixes the following issues : - Security and bugfix release 9.3.11 : - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). - Fix many issues in pg_dump with specific object types - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS - Fix deparsing error with ON CONFLICT ... WHERE clauses - Fix tableoid errors for postgres_fdw - Prevent floating-point exceptions in pgbench - Make \det search Foreign Table names consistently - Fix quoting of domain constraint names in pg_dump - Prevent putting expanded objects into Const nodes - Allow compile of PL/Java on Windows - Fix 'unresolved symbol' errors in PL/Python execution - Allow Python2 and Python3 to be used in the same database - Add support for Python 3.5 in PL/Python - Fix issue with subdirectory creation during initdb - Make pg_ctl report status correctly on Windows - Suppress confusing error when using pg_receivexlog with older servers - Multiple documentation corrections and additions - Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.3/static/release-9-3-11 .html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 88891
    published 2016-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88891
    title SUSE SLED12 / SLES12 Security Update : postgresql93 (SUSE-SU-2016:0539-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0555-1.NASL
    description This update for postgresql94 fixes the following issues : - Security and bugfix release 9.4.6 : - *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. - Fix infinite loops and buffer-overrun problems in regular expressions (CVE-2016-0773, bsc#966436). - Fix regular-expression compiler to handle loops of constraint arcs (CVE-2007-4772). - Prevent certain PL/Java parameters from being set by non-superusers (CVE-2016-0766, bsc#966435). - Fix many issues in pg_dump with specific object types - Prevent over-eager pushdown of HAVING clauses for GROUPING SETS - Fix deparsing error with ON CONFLICT ... WHERE clauses - Fix tableoid errors for postgres_fdw - Prevent floating-point exceptions in pgbench - Make \det search Foreign Table names consistently - Fix quoting of domain constraint names in pg_dump - Prevent putting expanded objects into Const nodes - Allow compile of PL/Java on Windows - Fix 'unresolved symbol' errors in PL/Python execution - Allow Python2 and Python3 to be used in the same database - Add support for Python 3.5 in PL/Python - Fix issue with subdirectory creation during initdb - Make pg_ctl report status correctly on Windows - Suppress confusing error when using pg_receivexlog with older servers - Multiple documentation corrections and additions - Fix erroneous hash calculations in gin_extract_jsonb_path() - For the full release notse, see: http://www.postgresql.org/docs/9.4/static/release-9-4-6. html - PL/Perl still needs to be linked with rpath, so that it can find libperl.so at runtime. bsc#578053, postgresql-plperl-keep-rpath.patch Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 88948
    published 2016-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88948
    title SUSE SLED12 / SLES12 Security Update : postgresql94 (SUSE-SU-2016:0555-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-4962.NASL
    description This version update to 7.4.19 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772 / CVE-2007-6067 / CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 30199
    published 2008-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30199
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 4962)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200801-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200801-15 (PostgreSQL: Multiple vulnerabilities) If using the 'expression indexes' feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the index functions (CVE-2007-6600). Additionally, several errors involving regular expressions were found (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067). Eventually, a privilege escalation vulnerability via unspecified vectors in the DBLink module was reported (CVE-2007-6601). This vulnerability is exploitable when local trust or ident authentication is used, and is due to an incomplete fix of CVE-2007-3278. Impact : A remote authenticated attacker could send specially crafted queries containing complex regular expressions to the server that could result in a Denial of Service by a server crash (CVE-2007-4769), an infinite loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two other vulnerabilities can be exploited to gain additional privileges. Workaround : There is no known workaround for all these issues at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 30120
    published 2008-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30120
    title GLSA-200801-15 : PostgreSQL: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0478.NASL
    description - Mon Jan 7 2008 Tom Lane 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29944
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29944
    title Fedora 8 : postgresql-8.2.6-1.fc8 (2008-0478)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0038.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29933
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29933
    title CentOS 4 / 5 : postgresql (CESA-2008:0038)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12065.NASL
    description This version update to 8.1.11 fixes among other things, several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41193
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41193
    title SuSE9 Security Update : postgresql (YOU Patch Number 12065)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-568-1.NASL
    description Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601) It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29978
    published 2008-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29978
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0038.NASL
    description From Red Hat Security Advisory 2008:0038 : Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67638
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67638
    title Oracle Linux 4 / 5 : postgresql (ELSA-2008-0038)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_51436B4C125011DDBAB70016179B2DD5.NASL
    description The PostgreSQL developers report : PostgreSQL allows users to create indexes on the results of user-defined functions, known as 'expression indexes'. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed. PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 32063
    published 2008-04-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32063
    title FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0552.NASL
    description - Mon Jan 7 2008 Tom Lane 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place - Thu Sep 20 2007 Tom Lane 8.2.5-1 - Update to PostgreSQL 8.2.5 and pgtcl 1.6.0 - Fix multilib problem for /usr/include/ecpg_config.h (which is new in 8.2.x) - Use tzdata package's data files instead of private copy, so that postgresql-server need not be turned for routine timezone updates - Don't remove postgres user/group during RPM uninstall, per Fedora packaging guidelines - Recent perl changes in rawhide mean we need a more specific BuildRequires - Wed Jun 20 2007 Tom Lane 8.2.4-2 - Fix oversight in postgresql-test makefile: pg_regress isn't a shell script anymore. Per upstream bug 3398. - Tue Apr 24 2007 Tom Lane 8.2.4-1 - Update to PostgreSQL 8.2.4 for CVE-2007-2138, data loss bugs Resolves: #237682 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29948
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29948
    title Fedora 7 : postgresql-8.2.6-1.fc7 (2008-0552)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0038.NASL
    description Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) A privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600) A privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601) All postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 29955
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29955
    title RHEL 4 / 5 : postgresql (RHSA-2008:0038)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1460.NASL
    description Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 29937
    published 2008-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29937
    title Debian DSA-1460-1 : postgresql-8.1 - several vulnerabilities
oval via4
accepted 2013-04-29T04:14:44.715-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
family unix
id oval:org.mitre.oval:def:11569
status accepted
submitted 2010-07-09T03:56:16-04:00
title The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
version 25
redhat via4
advisories
  • rhsa
    id RHSA-2008:0038
  • rhsa
    id RHSA-2008:0040
  • rhsa
    id RHSA-2008:0134
  • rhsa
    id RHSA-2013:0122
rpms
  • postgresql-0:7.4.19-1.el4_6.1
  • postgresql-contrib-0:7.4.19-1.el4_6.1
  • postgresql-devel-0:7.4.19-1.el4_6.1
  • postgresql-docs-0:7.4.19-1.el4_6.1
  • postgresql-jdbc-0:7.4.19-1.el4_6.1
  • postgresql-libs-0:7.4.19-1.el4_6.1
  • postgresql-pl-0:7.4.19-1.el4_6.1
  • postgresql-python-0:7.4.19-1.el4_6.1
  • postgresql-server-0:7.4.19-1.el4_6.1
  • postgresql-tcl-0:7.4.19-1.el4_6.1
  • postgresql-test-0:7.4.19-1.el4_6.1
  • postgresql-0:8.1.11-1.el5_1.1
  • postgresql-contrib-0:8.1.11-1.el5_1.1
  • postgresql-devel-0:8.1.11-1.el5_1.1
  • postgresql-docs-0:8.1.11-1.el5_1.1
  • postgresql-libs-0:8.1.11-1.el5_1.1
  • postgresql-pl-0:8.1.11-1.el5_1.1
  • postgresql-python-0:8.1.11-1.el5_1.1
  • postgresql-server-0:8.1.11-1.el5_1.1
  • postgresql-tcl-0:8.1.11-1.el5_1.1
  • postgresql-test-0:8.1.11-1.el5_1.1
  • expect-0:5.38.0-92.8
  • expect-devel-0:5.38.0-92.8
  • itcl-0:3.2-92.8
  • tcl-0:8.3.5-92.8
  • tcl-devel-0:8.3.5-92.8
  • tclx-0:8.3-92.8
  • tix-0:8.1.4-92.8
  • tk-0:8.3.5-92.8
  • tk-devel-0:8.3.5-92.8
  • tcl-0:8.4.13-6.el5
  • tcl-devel-0:8.4.13-6.el5
  • tcl-html-0:8.4.13-6.el5
refmap via4
bid 27163
bugtraq
  • 20080107 PostgreSQL 2007-01-07 Cumulative Security Release
  • 20080115 rPSA-2008-0016-1 postgresql postgresql-server
  • 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
confirm
debian
  • DSA-1460
  • DSA-1463
fedora
  • FEDORA-2008-0478
  • FEDORA-2008-0552
gentoo GLSA-200801-15
hp
  • HPSBTU02325
  • SSRT080006
mandriva
  • MDVSA-2008:004
  • MDVSA-2008:059
sectrack 1019157
secunia
  • 28359
  • 28376
  • 28437
  • 28438
  • 28454
  • 28455
  • 28464
  • 28477
  • 28479
  • 28679
  • 28698
  • 29070
  • 29248
  • 29638
  • 30535
sunalert
  • 103197
  • 200559
suse
  • SUSE-SA:2008:005
  • SUSE-SU-2016:0539
  • SUSE-SU-2016:0555
  • SUSE-SU-2016:0677
  • openSUSE-SU-2016:0531
  • openSUSE-SU-2016:0578
ubuntu USN-568-1
vupen
  • ADV-2008-0061
  • ADV-2008-0109
  • ADV-2008-1071
  • ADV-2008-1744
xf postgresql-regular-expression-dos(39497)
Last major update 07-12-2016 - 22:00
Published 09-01-2008 - 16:46
Last modified 26-10-2018 - 10:09
Back to Top