Executive Summary
Summary | |
---|---|
Title | PostgreSQL 8.1 regression |
Informations | |||
---|---|---|---|
Name | USN-417-2 | First vendor Publication | 2007-02-06 |
Vendor | Ubuntu | Last vendor Modification | 2007-02-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 9.2 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-417-1 fixed several vulnerabilities in the PostgreSQL server. Unfortunately this update had a regression that caused some valid queries to be aborted with a type error. This update corrects that problem. We apologize for the inconvenience. |
Original Source
Url : http://www.ubuntu.com/usn/USN-417-2 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11353 | |||
Oval ID: | oval:org.mitre.oval:def:11353 | ||
Title: | The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | ||
Description: | The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-0556 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22160 | |||
Oval ID: | oval:org.mitre.oval:def:22160 | ||
Title: | ELSA-2007:0068: postgresql security update (Moderate) | ||
Description: | The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0068-02 CVE-2006-5540 CVE-2006-5541 CVE-2006-5542 CVE-2007-0555 CVE-2007-0556 | Version: | 25 |
Platform(s): | Oracle Linux 5 | Product(s): | postgresql |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-02-03 | Name : Solaris Update for PostgresSQL 123590-12 File : nvt/gb_solaris_123590_12.nasl |
2010-02-03 | Name : Solaris Update for PostgresSQL 123591-12 File : nvt/gb_solaris_123591_12.nasl |
2009-10-10 | Name : SLES9: Security update for PostgreSQL File : nvt/sles9p5018245.nasl |
2009-06-03 | Name : Solaris Update for PostgresSQL 123590-10 File : nvt/gb_solaris_123590_10.nasl |
2009-06-03 | Name : Solaris Update for PostgresSQL 123591-10 File : nvt/gb_solaris_123591_10.nasl |
2009-04-09 | Name : Mandriva Update for postgresql MDKSA-2007:037 (postgresql) File : nvt/gb_mandriva_MDKSA_2007_037.nasl |
2009-04-09 | Name : Mandriva Update for postgresql MDKSA-2007:037-1 (postgresql) File : nvt/gb_mandriva_MDKSA_2007_037_1.nasl |
2009-03-23 | Name : Ubuntu Update for postgresql-7.4/-8.0/-8.1 vulnerabilities USN-417-1 File : nvt/gb_ubuntu_USN_417_1.nasl |
2009-03-23 | Name : Ubuntu Update for postgresql-8.1 regression USN-417-2 File : nvt/gb_ubuntu_USN_417_2.nasl |
2009-03-23 | Name : Ubuntu Update for postgresql-8.1 regression USN-417-3 File : nvt/gb_ubuntu_USN_417_3.nasl |
2009-02-27 | Name : Fedora Update for postgresql FEDORA-2007-197 File : nvt/gb_fedora_2007_197_postgresql_fc6.nasl |
2009-02-27 | Name : Fedora Update for postgresql FEDORA-2007-198 File : nvt/gb_fedora_2007_198_postgresql_fc5.nasl |
2009-02-27 | Name : Fedora Update for postgresql FEDORA-2007-566 File : nvt/gb_fedora_2007_566_postgresql_fc5.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-15 (postgresql) File : nvt/glsa_200703_15.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1261-1 (postgresql) File : nvt/deb_1261_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
33302 | PostgreSQL Query Planner Table Compatibility Memory Access |
33087 | PostgreSQL Function Argument Data Type Check Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0064.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11509.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-3244.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-417-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-417-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-417-3.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_postgresql-3243.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0068.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-15.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-037.nasl - Type : ACT_GATHER_INFO |
2007-02-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1261.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0064.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-197.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-198.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0064.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:08 |
|
2013-05-11 12:25:46 |
|