fkie_cve-2005-1410
Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.
References
secalert@redhat.comhttp://archives.postgresql.org/pgsql-announce/2005-05/msg00001.phpPatch
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2005_36_sudo.html
secalert@redhat.comhttp://www.postgresql.org/about/news.315Patch
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2005-433.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/426302/30/6680/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/13475Patch
secalert@redhat.comhttp://www.vupen.com/english/advisories/2005/0453
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343
af854a3a-2127-422b-91ae-364da2661108http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.phpPatch
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2005_36_sudo.html
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/about/news.315Patch
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2005-433.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/426302/30/6680/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/13475Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/0453
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343
Impacted products
Vendor Product Version
postgresql postgresql 7.4
postgresql postgresql 7.4.3
postgresql postgresql 7.4.5
postgresql postgresql 7.4.6
postgresql postgresql 7.4.7
postgresql postgresql 8.0
postgresql postgresql 8.0.1
postgresql postgresql 8.0.2
trustix secure_linux 2.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE2567C-BF48-4255-9E56-590A6F9DD932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB318EB9-1B49-452A-92CF-89D9BA990AB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "815E58C0-327D-4F14-B496-05FC8179627E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF2D056-5120-4F98-8343-4EC31F962CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "516E0E86-3D8A-43F9-9DD5-865F5C889FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94222D76-82BE-4FFB-BE4B-5DBAF3080D4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D1232E-4D0A-4BDC-99F6-25AEE014E9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "105E9F52-D17E-4A0B-9C46-FD32A930B1E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as \"internal\" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments."
    }
  ],
  "id": "CVE-2005-1410",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-03T04:00:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.postgresql.org/about/news.315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-433.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/426302/30/6680/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13475"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2005/0453"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.postgresql.org/about/news.315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-433.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/426302/30/6680/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/13475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/0453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9343"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.