CVE-2007-6067

Executive Summary

Informations
Name	CVE-2007-6067	First vendor Publication	2008-01-09
Vendor	Cve	Last vendor Modification	2013-02-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	8	Authentification	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067

CWE : Common Weakness Enumeration

id	Name
CWE-637	Failure to Use Economy of Mechanism
CWE-189	Numeric Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10235

Oval ID:	oval:org.mitre.oval:def:10235
Title:	Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Description:	Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-6067	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-docs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-pl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-libs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-python is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-test is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-server is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-devel is earlier than 0:7.4.19-1.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Postgresql Postgresql cpe:/a:postgresql:postgresql:8.2.4 cpe:/a:postgresql:postgresql:8.2.3 cpe:/a:postgresql:postgresql:8.2.2 cpe:/a:postgresql:postgresql:8.2 cpe:/a:postgresql:postgresql:8.1.9 cpe:/a:postgresql:postgresql:8.1.8 cpe:/a:postgresql:postgresql:8.1.7 cpe:/a:postgresql:postgresql:8.1.5 cpe:/a:postgresql:postgresql:8.1.4 cpe:/a:postgresql:postgresql:8.1.3 cpe:/a:postgresql:postgresql:8.1.1 cpe:/a:postgresql:postgresql:8.0.9 cpe:/a:postgresql:postgresql:8.0.8 cpe:/a:postgresql:postgresql:8.0.7 cpe:/a:postgresql:postgresql:8.0.5 cpe:/a:postgresql:postgresql:8.0.4 cpe:/a:postgresql:postgresql:8.0.317 cpe:/a:postgresql:postgresql:8.0.3 cpe:/a:postgresql:postgresql:8.0.2 cpe:/a:postgresql:postgresql:8.0.13 cpe:/a:postgresql:postgresql:8.0.11 cpe:/a:postgresql:postgresql:8.0.1 cpe:/a:postgresql:postgresql:8.0 cpe:/a:postgresql:postgresql:7.4.9 cpe:/a:postgresql:postgresql:7.4.8 cpe:/a:postgresql:postgresql:7.4.7 cpe:/a:postgresql:postgresql:7.4.6 cpe:/a:postgresql:postgresql:7.4.5 cpe:/a:postgresql:postgresql:7.4.4 cpe:/a:postgresql:postgresql:7.4.3 cpe:/a:postgresql:postgresql:7.4.2 cpe:/a:postgresql:postgresql:7.4.17 cpe:/a:postgresql:postgresql:7.4.16 cpe:/a:postgresql:postgresql:7.4.14 cpe:/a:postgresql:postgresql:7.4.13 cpe:/a:postgresql:postgresql:7.4.12 cpe:/a:postgresql:postgresql:7.4.11 cpe:/a:postgresql:postgresql:7.4.10 cpe:/a:postgresql:postgresql:7.4.1 cpe:/a:postgresql:postgresql:7.4 cpe:/a:postgresql:postgresql:7.3.9 cpe:/a:postgresql:postgresql:7.3.8 cpe:/a:postgresql:postgresql:7.3.6 cpe:/a:postgresql:postgresql:7.3.4 cpe:/a:postgresql:postgresql:7.3.3 cpe:/a:postgresql:postgresql:7.3.2 cpe:/a:postgresql:postgresql:7.3.19 cpe:/a:postgresql:postgresql:7.3.16 cpe:/a:postgresql:postgresql:7.3.15 cpe:/a:postgresql:postgresql:7.3.14 cpe:/a:postgresql:postgresql:7.3.13 cpe:/a:postgresql:postgresql:7.3.12 cpe:/a:postgresql:postgresql:7.3.11 cpe:/a:postgresql:postgresql:7.3.10 cpe:/a:postgresql:postgresql:7.3.1 cpe:/a:postgresql:postgresql:7.3	56
Application	Tcl Tk Tcl Tk cpe:/a:tcl_tk:tcl_tk:8.4.16	1

Open Source Vulnerability Database (OSVDB)

id	Description
40902	TCL in PostgreSQL Regular Expression Parser Crafted Doubly-nested State Regex...

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/27163
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded
CONFIRM	http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=1... http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&grou... http://www.postgresql.org/about/news.905 https://issues.rpath.com/browse/RPL-1768
DEBIAN	http://www.debian.org/security/2008/dsa-1460 http://www.debian.org/security/2008/dsa-1463
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397... https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469...
GENTOO	http://security.gentoo.org/glsa/glsa-200801-15.xml
HP	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
REDHAT	http://rhn.redhat.com/errata/RHSA-2013-0122.html http://www.redhat.com/support/errata/RHSA-2008-0038.html http://www.redhat.com/support/errata/RHSA-2008-0040.html
SECTRACK	http://securitytracker.com/id?1019157
SECUNIA	http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http://secunia.com/advisories/28679 http://secunia.com/advisories/28698 http://secunia.com/advisories/29638
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
UBUNTU	http://www.ubuntulinux.org/support/documentation/usn/usn-568-1
VUPEN	http://www.vupen.com/english/advisories/2008/0061 http://www.vupen.com/english/advisories/2008/0109 http://www.vupen.com/english/advisories/2008/1071/references
XF	http://xforce.iss.net/xforce/xfdb/39498

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 10:42:39	Multiple Updates
2013-02-07 13:19:31	Multiple Updates

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	57
osvdb(s)	1

Related	Severity
USN-568-1	(High)
SUN-103197	(High)
RHSA-2008:0040	(High)
RHSA-2008:0038	(High)
MDVSA-2008:004	(High)
HPSBTU02325 SSR...	(High)
GLSA-200801-15	(High)
DSA-1463	(High)
DSA-1460	(High)
RHSA-2013:0122	(Medium)