7.2 - CVE-2007-6601

Executive Summary

Informations
Name	CVE-2007-6601	First vendor Publication	2008-01-09
Vendor	Cve	Last vendor Modification	2023-01-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-287	Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11127

Oval ID:	oval:org.mitre.oval:def:11127
Title:	The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Description:	The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-6601	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section rh-postgresql-devel is earlier than 0:7.3.21-1 AND rh-postgresql-server is earlier than 0:7.3.21-1 AND rh-postgresql-python is earlier than 0:7.3.21-1 AND rh-postgresql-libs is earlier than 0:7.3.21-1 AND rh-postgresql-docs is earlier than 0:7.3.21-1 AND rh-postgresql-test is earlier than 0:7.3.21-1 AND rh-postgresql-pl is earlier than 0:7.3.21-1 AND rh-postgresql-tcl is earlier than 0:7.3.21-1 AND rh-postgresql is earlier than 0:7.3.21-1 AND rh-postgresql-contrib is earlier than 0:7.3.21-1 AND rh-postgresql-jdbc is earlier than 0:7.3.21-1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-docs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-pl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-libs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-python is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-test is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-server is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-devel is earlier than 0:7.4.19-1.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1

Definition Id: oval:org.mitre.oval:def:18105

Oval ID:	oval:org.mitre.oval:def:18105
Title:	DSA-1463-1 postgresql-7.4 - several
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
Family:	unix	Class:	patch
Reference(s):	DSA-1463-1 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	postgresql-7.4
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND postgresql-7.4 DPKG is earlier than 7.4.19-0etch1

Definition Id: oval:org.mitre.oval:def:20164

Oval ID:	oval:org.mitre.oval:def:20164
Title:	DSA-1460-1 postgresql-8.1 - several
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
Family:	unix	Class:	patch
Reference(s):	DSA-1460-1 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	postgresql-8.1
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND postgresql-8.1 DPKG is earlier than 0:8.1.11-0etch1

Definition Id: oval:org.mitre.oval:def:21738

Oval ID:	oval:org.mitre.oval:def:21738
Title:	ELSA-2008:0038: postgresql security update (Moderate)
Description:	The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0038-01 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	29
Platform(s):	Oracle Linux 5	Product(s):	postgresql
Definition Synopsis:
Oracle Linux 5.x rpm test postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1

Definition Id: oval:org.mitre.oval:def:7844

Oval ID:	oval:org.mitre.oval:def:7844
Title:	DSA-1460 postgresql-8.1 -- several vulnerabilities
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905. The old stable distribution (sarge), doesn't contain postgresql-8.1. For the stable distribution (etch), these problems have been fixed in version postgresql-8.1 8.1.11-0etch1. For the unstable distribution (sid), these problems have been fixed in version 8.2.6-1 of postgresql-8.2. We recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.
Family:	unix	Class:	patch
Reference(s):	DSA-1460 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	postgresql-8.1
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND postgresql-doc-8.1 is earlier than 8.1.11-0etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section postgresql-client-8.1 is earlier than 8.1.11-0etch1 AND postgresql-8.1 is earlier than 8.1.11-0etch1 AND postgresql-pltcl-8.1 is earlier than 8.1.11-0etch1 AND libecpg5 is earlier than 8.1.11-0etch1 AND postgresql-contrib-8.1 is earlier than 8.1.11-0etch1 AND postgresql-server-dev-8.1 is earlier than 8.1.11-0etch1 AND postgresql-plpython-8.1 is earlier than 8.1.11-0etch1 AND libecpg-dev is earlier than 8.1.11-0etch1 AND libpgtypes2 is earlier than 8.1.11-0etch1 AND libpq4 is earlier than 8.1.11-0etch1 AND libpq-dev is earlier than 8.1.11-0etch1 AND postgresql-plperl-8.1 is earlier than 8.1.11-0etch1 AND libecpg-compat2 is earlier than 8.1.11-0etch1

Definition Id: oval:org.mitre.oval:def:8199

Oval ID:	oval:org.mitre.oval:def:8199
Title:	DSA-1463 postgresql-7.4 -- several vulnerabilities
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905. For the old stable distribution (sarge), some of these problems have been fixed in version 7.4.7-6sarge6 of the postgresql package. Please note that the fix for CVE-2007-6600 and for the handling of regular expressions haven’t been backported due to the intrusiveness of the fix. We recommend to upgrade to the stable distribution if these vulnerabilities affect your setup. For the stable distribution (etch), these problems have been fixed in version 7.4.19-0etch1. The unstable distribution (sid) no longer contains postgres-7.4. We recommend that you upgrade your postgresql-7.4 packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1463 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	3
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 3.1	Product(s):	postgresql-7.4
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section postgresql-server-dev-7.4 is earlier than 7.4.19-0etch1 AND postgresql-doc-7.4 is earlier than 7.4.19-0etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section postgresql-7.4 is earlier than 7.4.19-0etch1 AND postgresql-plpython-7.4 is earlier than 7.4.19-0etch1 AND postgresql-contrib-7.4 is earlier than 7.4.19-0etch1 AND postgresql-client-7.4 is earlier than 7.4.19-0etch1 AND postgresql-plperl-7.4 is earlier than 7.4.19-0etch1 AND postgresql-pltcl-7.4 is earlier than 7.4.19-0etch1 OR Release section Debian GNU/Linux 3.1 is installed AND Architecture section Architecture independent section Installed architecture is all AND postgresql-doc is earlier than 7.4.7-6sarge6 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is m68k AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section libpgtcl is earlier than 7.4.7-6sarge6 AND postgresql is earlier than 7.4.7-6sarge6 AND libecpg4 is earlier than 7.4.7-6sarge6 AND postgresql-contrib is earlier than 7.4.7-6sarge6 AND libpq3 is earlier than 7.4.7-6sarge6 AND libecpg-dev is earlier than 7.4.7-6sarge6 AND libpgtcl-dev is earlier than 7.4.7-6sarge6 AND postgresql-dev is earlier than 7.4.7-6sarge6 AND postgresql-client is earlier than 7.4.7-6sarge6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Postgresql cpe:2.3:a:postgresql:postgresql:8.2.5:::::::* cpe:2.3:a:postgresql:postgresql:8.2.4:::::::* cpe:2.3:a:postgresql:postgresql:8.2.3:::::::* cpe:2.3:a:postgresql:postgresql:8.2.2:::::::* cpe:2.3:a:postgresql:postgresql:8.2.1:::::::* cpe:2.3:a:postgresql:postgresql:8.2.0:::::::* cpe:2.3:a:postgresql:postgresql:8.2:::::::* cpe:2.3:a:postgresql:postgresql:8.1.9:::::::* cpe:2.3:a:postgresql:postgresql:8.1.8:::::::* cpe:2.3:a:postgresql:postgresql:8.1.7:::::::* cpe:2.3:a:postgresql:postgresql:8.1.6:::::::* cpe:2.3:a:postgresql:postgresql:8.1.5:::::::* cpe:2.3:a:postgresql:postgresql:8.1.4:::::::* cpe:2.3:a:postgresql:postgresql:8.1.3:::::::* cpe:2.3:a:postgresql:postgresql:8.1.23:::::::* cpe:2.3:a:postgresql:postgresql:8.1.22:::::::* cpe:2.3:a:postgresql:postgresql:8.1.21:::::::* cpe:2.3:a:postgresql:postgresql:8.1.20:::::::* cpe:2.3:a:postgresql:postgresql:8.1.2:::::::* cpe:2.3:a:postgresql:postgresql:8.1.19:::::::* cpe:2.3:a:postgresql:postgresql:8.1.18:::::::* cpe:2.3:a:postgresql:postgresql:8.1.17:::::::* cpe:2.3:a:postgresql:postgresql:8.1.16:::::::* cpe:2.3:a:postgresql:postgresql:8.1.15:::::::* cpe:2.3:a:postgresql:postgresql:8.1.14:::::::* cpe:2.3:a:postgresql:postgresql:8.1.13:::::::* cpe:2.3:a:postgresql:postgresql:8.1.12:::::::* cpe:2.3:a:postgresql:postgresql:8.1.11:::::::* cpe:2.3:a:postgresql:postgresql:8.1.10:::::::* cpe:2.3:a:postgresql:postgresql:8.1.1:::::::* cpe:2.3:a:postgresql:postgresql:8.1.0:::::::* cpe:2.3:a:postgresql:postgresql:8.1:::::::* cpe:2.3:a:postgresql:postgresql:8.0.9:::::::* cpe:2.3:a:postgresql:postgresql:8.0.8:::::::* cpe:2.3:a:postgresql:postgresql:8.0.7:::::::* cpe:2.3:a:postgresql:postgresql:8.0.6:::::::* cpe:2.3:a:postgresql:postgresql:8.0.5:::::::* cpe:2.3:a:postgresql:postgresql:8.0.4:::::::* cpe:2.3:a:postgresql:postgresql:8.0.317:::::::* cpe:2.3:a:postgresql:postgresql:8.0.3:::::::* cpe:2.3:a:postgresql:postgresql:8.0.26:::::::* cpe:2.3:a:postgresql:postgresql:8.0.25:::::::* cpe:2.3:a:postgresql:postgresql:8.0.24:::::::* cpe:2.3:a:postgresql:postgresql:8.0.23:::::::* cpe:2.3:a:postgresql:postgresql:8.0.22:::::::* cpe:2.3:a:postgresql:postgresql:8.0.21:::::::* cpe:2.3:a:postgresql:postgresql:8.0.20:::::::* cpe:2.3:a:postgresql:postgresql:8.0.2:::::::* cpe:2.3:a:postgresql:postgresql:8.0.19:::::::* cpe:2.3:a:postgresql:postgresql:8.0.18:::::::* cpe:2.3:a:postgresql:postgresql:8.0.17:::::::* cpe:2.3:a:postgresql:postgresql:8.0.16:::::::* cpe:2.3:a:postgresql:postgresql:8.0.15:::::::* cpe:2.3:a:postgresql:postgresql:8.0.14:::::::* cpe:2.3:a:postgresql:postgresql:8.0.13:::::::* cpe:2.3:a:postgresql:postgresql:8.0.12:::::::* cpe:2.3:a:postgresql:postgresql:8.0.11:::::::* cpe:2.3:a:postgresql:postgresql:8.0.10:::::::* cpe:2.3:a:postgresql:postgresql:8.0.1:::::::* cpe:2.3:a:postgresql:postgresql:8.0.0:::::::* cpe:2.3:a:postgresql:postgresql:8.0:::::::* cpe:2.3:a:postgresql:postgresql:7.4.9:::::::* cpe:2.3:a:postgresql:postgresql:7.4.8:::::::* cpe:2.3:a:postgresql:postgresql:7.4.7:::::::* cpe:2.3:a:postgresql:postgresql:7.4.6:::::::* cpe:2.3:a:postgresql:postgresql:7.4.5:::::::* cpe:2.3:a:postgresql:postgresql:7.4.4:::::::* cpe:2.3:a:postgresql:postgresql:7.4.30:::::::* cpe:2.3:a:postgresql:postgresql:7.4.3:::::::* cpe:2.3:a:postgresql:postgresql:7.4.29:::::::* cpe:2.3:a:postgresql:postgresql:7.4.28:::::::* cpe:2.3:a:postgresql:postgresql:7.4.27:::::::* cpe:2.3:a:postgresql:postgresql:7.4.26:::::::* cpe:2.3:a:postgresql:postgresql:7.4.25:::::::* cpe:2.3:a:postgresql:postgresql:7.4.24:::::::* cpe:2.3:a:postgresql:postgresql:7.4.23:::::::* cpe:2.3:a:postgresql:postgresql:7.4.22:::::::* cpe:2.3:a:postgresql:postgresql:7.4.21:::::::* cpe:2.3:a:postgresql:postgresql:7.4.20:::::::* cpe:2.3:a:postgresql:postgresql:7.4.2:::::::* cpe:2.3:a:postgresql:postgresql:7.4.19:::::::* cpe:2.3:a:postgresql:postgresql:7.4.18:::::::* cpe:2.3:a:postgresql:postgresql:7.4.17:::::::* cpe:2.3:a:postgresql:postgresql:7.4.16:::::::* cpe:2.3:a:postgresql:postgresql:7.4.15:::::::* cpe:2.3:a:postgresql:postgresql:7.4.14:::::::* cpe:2.3:a:postgresql:postgresql:7.4.13:::::::* cpe:2.3:a:postgresql:postgresql:7.4.12:::::::* cpe:2.3:a:postgresql:postgresql:7.4.11:::::::* cpe:2.3:a:postgresql:postgresql:7.4.10:::::::* cpe:2.3:a:postgresql:postgresql:7.4.1:::::::* cpe:2.3:a:postgresql:postgresql:7.4:::::::* cpe:2.3:a:postgresql:postgresql:7.3.9:::::::* cpe:2.3:a:postgresql:postgresql:7.3.8:::::::* cpe:2.3:a:postgresql:postgresql:7.3.7:::::::* cpe:2.3:a:postgresql:postgresql:7.3.6:::::::* cpe:2.3:a:postgresql:postgresql:7.3.5:::::::* cpe:2.3:a:postgresql:postgresql:7.3.4:::::::* cpe:2.3:a:postgresql:postgresql:7.3.3:::::::* cpe:2.3:a:postgresql:postgresql:7.3.21:::::::* cpe:2.3:a:postgresql:postgresql:7.3.20:::::::* cpe:2.3:a:postgresql:postgresql:7.3.2:::::::* cpe:2.3:a:postgresql:postgresql:7.3.19:::::::* cpe:2.3:a:postgresql:postgresql:7.3.18:::::::* cpe:2.3:a:postgresql:postgresql:7.3.17:::::::* cpe:2.3:a:postgresql:postgresql:7.3.16:::::::* cpe:2.3:a:postgresql:postgresql:7.3.15:::::::* cpe:2.3:a:postgresql:postgresql:7.3.14:::::::* cpe:2.3:a:postgresql:postgresql:7.3.13:::::::* cpe:2.3:a:postgresql:postgresql:7.3.12:::::::* cpe:2.3:a:postgresql:postgresql:7.3.11:::::::* cpe:2.3:a:postgresql:postgresql:7.3.10:::::::* cpe:2.3:a:postgresql:postgresql:7.3.1:::::::* cpe:2.3:a:postgresql:postgresql:7.3.0:::::::* cpe:2.3:a:postgresql:postgresql:7.3:::::::* cpe:2.3:a:postgresql:postgresql:7.2.8:::::::* cpe:2.3:a:postgresql:postgresql:7.2.7:::::::* cpe:2.3:a:postgresql:postgresql:7.2.6:::::::* cpe:2.3:a:postgresql:postgresql:7.2.5:::::::* cpe:2.3:a:postgresql:postgresql:7.2.4:::::::* cpe:2.3:a:postgresql:postgresql:7.2.3:::::::* cpe:2.3:a:postgresql:postgresql:7.2.2:::::::* cpe:2.3:a:postgresql:postgresql:7.2.1:::::::* cpe:2.3:a:postgresql:postgresql:7.2:::::::* cpe:2.3:a:postgresql:postgresql:7.1.3:::::::* cpe:2.3:a:postgresql:postgresql:7.1.2:::::::* cpe:2.3:a:postgresql:postgresql:7.1.1:::::::* cpe:2.3:a:postgresql:postgresql:7.1:::::::* cpe:2.3:a:postgresql:postgresql:7.0.3:::::::* cpe:2.3:a:postgresql:postgresql:7.0.2:::::::* cpe:2.3:a:postgresql:postgresql:7.0.1:::::::* cpe:2.3:a:postgresql:postgresql:7.0:::::::* cpe:2.3:a:postgresql:postgresql:6.5.3.1:::::::* cpe:2.3:a:postgresql:postgresql:6.5.3:::::::* cpe:2.3:a:postgresql:postgresql:6.5.2:::::::* cpe:2.3:a:postgresql:postgresql:6.5.1:::::::* cpe:2.3:a:postgresql:postgresql:6.5.0:::::::* cpe:2.3:a:postgresql:postgresql:6.5:::::::* cpe:2.3:a:postgresql:postgresql:6.4.2:::::::* cpe:2.3:a:postgresql:postgresql:6.4.1:::::::* cpe:2.3:a:postgresql:postgresql:6.4:::::::* cpe:2.3:a:postgresql:postgresql:6.3.2:::::::* cpe:2.3:a:postgresql:postgresql:6.3.1:::::::* cpe:2.3:a:postgresql:postgresql:6.3:::::::* cpe:2.3:a:postgresql:postgresql:6.2.1:::::::* cpe:2.3:a:postgresql:postgresql:6.2:::::::* cpe:2.3:a:postgresql:postgresql:6.1.1:::::::* cpe:2.3:a:postgresql:postgresql:6.1:::::::* cpe:2.3:a:postgresql:postgresql:6.0:::::::* cpe:2.3:a:postgresql:postgresql:1.09:::::::* cpe:2.3:a:postgresql:postgresql:1.08:::::::* cpe:2.3:a:postgresql:postgresql:1.02:::::::* cpe:2.3:a:postgresql:postgresql:1.01:::::::* cpe:2.3:a:postgresql:postgresql:1.0:::::::* cpe:2.3:a:postgresql:postgresql:::::::: cpe:2.3:a:postgresql:postgresql:-:::::debian:: cpe:2.3:a:postgresql:postgresql:-:::::ubuntu:: cpe:2.3:a:postgresql:postgresql:-:::::::*	158
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:4.0:::::::* cpe:2.3:o:debian:debian_linux:3.1:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:8:::::::* cpe:2.3:o:fedoraproject:fedora:7:::::::*	2

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for rh-postgresql CESA-2009:1485 centos3 i386 File : nvt/gb_CESA-2009_1485_rh-postgresql_centos3_i386.nasl
2011-08-09	Name : CentOS Update for postgresql CESA-2009:1484 centos5 i386 File : nvt/gb_CESA-2009_1484_postgresql_centos5_i386.nasl
2011-08-09	Name : CentOS Update for postgresql CESA-2009:1484 centos4 i386 File : nvt/gb_CESA-2009_1484_postgresql_centos4_i386.nasl
2009-10-13	Name : RedHat Security Advisory RHSA-2009:1485 File : nvt/RHSA_2009_1485.nasl
2009-10-13	Name : SLES10: Security update for PostgreSQL File : nvt/sles10_postgresql1.nasl
2009-10-13	Name : RedHat Security Advisory RHSA-2009:1484 File : nvt/RHSA_2009_1484.nasl
2009-10-10	Name : SLES9: Security update for postgresql File : nvt/sles9p5021809.nasl
2009-04-09	Name : Mandriva Update for postgresql MDVSA-2008:004 (postgresql) File : nvt/gb_mandriva_MDVSA_2008_004.nasl
2009-03-23	Name : Ubuntu Update for postgresql vulnerabilities USN-568-1 File : nvt/gb_ubuntu_USN_568_1.nasl
2009-03-06	Name : RedHat Update for postgresql RHSA-2008:0039-01 File : nvt/gb_RHSA-2008_0039-01_postgresql.nasl
2009-03-06	Name : RedHat Update for postgresql RHSA-2008:0038-01 File : nvt/gb_RHSA-2008_0038-01_postgresql.nasl
2009-02-27	Name : CentOS Update for postgresql CESA-2008:0038 centos4 i386 File : nvt/gb_CESA-2008_0038_postgresql_centos4_i386.nasl
2009-02-27	Name : CentOS Update for rh-postgresql CESA-2008:0039 centos3 x86_64 File : nvt/gb_CESA-2008_0039_rh-postgresql_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for rh-postgresql CESA-2008:0039 centos3 i386 File : nvt/gb_CESA-2008_0039_rh-postgresql_centos3_i386.nasl
2009-02-27	Name : CentOS Update for postgresql CESA-2008:0038 centos4 x86_64 File : nvt/gb_CESA-2008_0038_postgresql_centos4_x86_64.nasl
2009-02-17	Name : Fedora Update for postgresql FEDORA-2008-0478 File : nvt/gb_fedora_2008_0478_postgresql_fc8.nasl
2009-02-17	Name : Fedora Update for postgresql FEDORA-2008-0552 File : nvt/gb_fedora_2008_0552_postgresql_fc7.nasl
2009-01-23	Name : SuSE Update for postgresql SUSE-SA:2008:005 File : nvt/gb_suse_2008_005.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200801-15 (postgresql) File : nvt/glsa_200801_15.nasl
2008-09-04	Name : FreeBSD Ports: postgresql, postgresql-server File : nvt/freebsd_postgresql4.nasl
2008-01-31	Name : Debian Security Advisory DSA 1460-1 (postgresql-8.1) File : nvt/deb_1460_1.nasl
2008-01-31	Name : Debian Security Advisory DSA 1463-1 (postgresql-7.4) File : nvt/deb_1463_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
40903	PostgreSQL DBLink Module Unspecified Remote Privilege Escalation

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080111_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2009-10-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2009-10-08	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12065.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-004.nasl - Type : ACT_GATHER_INFO
2008-04-28	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_51436b4c125011ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote openSUSE host is missing a security update. File : suse_postgresql-4955.nasl - Type : ACT_GATHER_INFO
2008-02-06	Name : The remote openSUSE host is missing a security update. File : suse_postgresql-4958.nasl - Type : ACT_GATHER_INFO
2008-02-06	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-4962.nasl - Type : ACT_GATHER_INFO
2008-01-29	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200801-15.nasl - Type : ACT_GATHER_INFO
2008-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-568-1.nasl - Type : ACT_GATHER_INFO
2008-01-15	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1463.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Fedora host is missing a security update. File : fedora_2008-0552.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Fedora host is missing a security update. File : fedora_2008-0478.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1460.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0038.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/27163
BUGTRAQ	http://www.securityfocus.com/archive/1/485864/100/0/threaded http://www.securityfocus.com/archive/1/486407/100/0/threaded
CONFIRM	http://www.postgresql.org/about/news.905 https://issues.rpath.com/browse/RPL-1768
DEBIAN	http://www.debian.org/security/2008/dsa-1460 http://www.debian.org/security/2008/dsa-1463
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397... https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469...
GENTOO	http://security.gentoo.org/glsa/glsa-200801-15.xml
HP	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2008-0038.html http://www.redhat.com/support/errata/RHSA-2008-0039.html http://www.redhat.com/support/errata/RHSA-2008-0040.html
SECTRACK	http://securitytracker.com/id?1019157
SECUNIA	http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28445 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http://secunia.com/advisories/28464 http://secunia.com/advisories/28477 http://secunia.com/advisories/28479 http://secunia.com/advisories/28679 http://secunia.com/advisories/28698 http://secunia.com/advisories/29638
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
UBUNTU	https://usn.ubuntu.com/568-1/
VUPEN	http://www.vupen.com/english/advisories/2008/0061 http://www.vupen.com/english/advisories/2008/0109 http://www.vupen.com/english/advisories/2008/1071/references
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/39500

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-01-19 00:27:41	Multiple Updates
2021-05-04 12:06:50	Multiple Updates
2021-04-22 01:07:19	Multiple Updates
2020-05-23 00:20:56	Multiple Updates
2019-03-19 12:02:38	Multiple Updates
2018-10-16 00:19:23	Multiple Updates
2018-10-04 00:19:31	Multiple Updates
2017-09-29 09:23:20	Multiple Updates
2017-08-08 09:23:47	Multiple Updates
2016-04-26 16:56:20	Multiple Updates
2014-02-17 10:43:02	Multiple Updates
2013-05-11 10:45:10	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	6
CPE ID(s)	162
Sources(s)	38
osvdb(s)	1
Openvas Exploit(s)	22
Nessus® Exploit(s)	25

	Related
7.2	USN-568-1
7.2	SUN-103197
7.2	RHSA-2008:0040
7.2	RHSA-2008:0039
7.2	RHSA-2008:0038
7.2	MDVSA-2008:004
7.2	HPSBTU02325 SSR...
7.2	GLSA-200801-15
7.2	DSA-1463
7.2	DSA-1460
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 10 more Alert(s)

7.2 - CVE-2007-6601

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU