7.2 - HPSBTU02325 SSRT080006

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	HP Internet Express for Tru64 UNIX running PostgreSQL, Arbitrary Code Execution, Privilege Elevation, or Denial of Service (DoS)

Informations
Name	HPSBTU02325 SSRT080006	First vendor Publication	2008-04-01
Vendor	HP	Last vendor Modification	2008-04-01
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential security vulnerabilities have been identified in PostgreSQL v 8.2.4 and earlier running on HP Internet Express for Tru64 UNIX. The vulnerabilities could be exploited to execute arbitrary code, elevation of privilege, or cause a Denial of Service (DoS).

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-264	Permissions, Privileges, and Access Controls
33 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
17 %	CWE-399	Resource Management Errors
17 %	CWE-287	Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10235

Oval ID:	oval:org.mitre.oval:def:10235
Title:	Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Description:	Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-6067	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-docs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-pl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-libs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-python is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-test is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-server is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-devel is earlier than 0:7.4.19-1.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1

Definition Id: oval:org.mitre.oval:def:10334

Oval ID:	oval:org.mitre.oval:def:10334
Title:	PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
Description:	PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3278	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section rh-postgresql-devel is earlier than 0:7.3.21-1 AND rh-postgresql-server is earlier than 0:7.3.21-1 AND rh-postgresql-python is earlier than 0:7.3.21-1 AND rh-postgresql-libs is earlier than 0:7.3.21-1 AND rh-postgresql-docs is earlier than 0:7.3.21-1 AND rh-postgresql-test is earlier than 0:7.3.21-1 AND rh-postgresql-pl is earlier than 0:7.3.21-1 AND rh-postgresql-tcl is earlier than 0:7.3.21-1 AND rh-postgresql is earlier than 0:7.3.21-1 AND rh-postgresql-contrib is earlier than 0:7.3.21-1 AND rh-postgresql-jdbc is earlier than 0:7.3.21-1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-docs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-pl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-libs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-python is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-test is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-server is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-devel is earlier than 0:7.4.19-1.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1

Definition Id: oval:org.mitre.oval:def:10493

Oval ID:	oval:org.mitre.oval:def:10493
Title:	PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
Description:	PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-6600	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section rh-postgresql-devel is earlier than 0:7.3.21-1 AND rh-postgresql-server is earlier than 0:7.3.21-1 AND rh-postgresql-python is earlier than 0:7.3.21-1 AND rh-postgresql-libs is earlier than 0:7.3.21-1 AND rh-postgresql-docs is earlier than 0:7.3.21-1 AND rh-postgresql-test is earlier than 0:7.3.21-1 AND rh-postgresql-pl is earlier than 0:7.3.21-1 AND rh-postgresql-tcl is earlier than 0:7.3.21-1 AND rh-postgresql is earlier than 0:7.3.21-1 AND rh-postgresql-contrib is earlier than 0:7.3.21-1 AND rh-postgresql-jdbc is earlier than 0:7.3.21-1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-docs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-pl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-libs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-python is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-test is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-server is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-devel is earlier than 0:7.4.19-1.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1

Definition Id: oval:org.mitre.oval:def:11127

Oval ID:	oval:org.mitre.oval:def:11127
Title:	The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Description:	The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-6601	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section rh-postgresql-devel is earlier than 0:7.3.21-1 AND rh-postgresql-server is earlier than 0:7.3.21-1 AND rh-postgresql-python is earlier than 0:7.3.21-1 AND rh-postgresql-libs is earlier than 0:7.3.21-1 AND rh-postgresql-docs is earlier than 0:7.3.21-1 AND rh-postgresql-test is earlier than 0:7.3.21-1 AND rh-postgresql-pl is earlier than 0:7.3.21-1 AND rh-postgresql-tcl is earlier than 0:7.3.21-1 AND rh-postgresql is earlier than 0:7.3.21-1 AND rh-postgresql-contrib is earlier than 0:7.3.21-1 AND rh-postgresql-jdbc is earlier than 0:7.3.21-1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-docs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-pl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-libs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-python is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-test is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-server is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-devel is earlier than 0:7.4.19-1.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1

Definition Id: oval:org.mitre.oval:def:11569

Oval ID:	oval:org.mitre.oval:def:11569
Title:	The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
Description:	The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-4772	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section tix is earlier than 0:8.1.4-92.8 AND tclx is earlier than 0:8.3-92.8 AND tcl-devel is earlier than 0:8.3.5-92.8 AND expect-devel is earlier than 0:5.38.0-92.8 AND tcltk is earlier than 0:8.3.5-92.8 AND itcl is earlier than 0:3.2-92.8 AND tcl is earlier than 0:8.3.5-92.8 AND expect is earlier than 0:5.38.0-92.8 AND tk-devel is earlier than 0:8.3.5-92.8 AND tk is earlier than 0:8.3.5-92.8 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-docs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-pl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-libs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-python is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-test is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-server is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-devel is earlier than 0:7.4.19-1.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1

Definition Id: oval:org.mitre.oval:def:16775

Oval ID:	oval:org.mitre.oval:def:16775
Title:	USN-568-1 -- postgresql vulnerabilities
Description:	Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions.
Family:	unix	Class:	patch
Reference(s):	USN-568-1 CVE-2007-3278 CVE-2007-6601 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	postgresql-8.1 postgresql-8.2
Definition Synopsis:
Release section Ubuntu 6.06 is installed Packages match section postgresql-8.1 DPKG is earlier than 8.1.11-0ubuntu0.6.06.1 AND postgresql-pltcl-8.1 DPKG is earlier than 8.1.11-0ubuntu0.6.06.1 AND Release section Ubuntu 6.10 is installed Packages match section postgresql-8.1 DPKG is earlier than 8.1.11-0ubuntu0.6.10.1 AND postgresql-pltcl-8.1 DPKG is earlier than 8.1.11-0ubuntu0.6.10.1 AND Release section Ubuntu 7.04 is installed Packages match section postgresql-8.2 DPKG is earlier than 8.2.6-0ubuntu0.7.04.1 AND postgresql-pltcl-8.2 DPKG is earlier than 8.2.6-0ubuntu0.7.04.1 AND Release section Ubuntu 7.10 is installed Packages match section postgresql-8.2 DPKG is earlier than 8.2.6-0ubuntu0.7.10.1 AND postgresql-pltcl-8.2 DPKG is earlier than 8.2.6-0ubuntu0.7.10.1

Definition Id: oval:org.mitre.oval:def:18105

Oval ID:	oval:org.mitre.oval:def:18105
Title:	DSA-1463-1 postgresql-7.4 - several
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
Family:	unix	Class:	patch
Reference(s):	DSA-1463-1 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	postgresql-7.4
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND postgresql-7.4 DPKG is earlier than 7.4.19-0etch1

Definition Id: oval:org.mitre.oval:def:20164

Oval ID:	oval:org.mitre.oval:def:20164
Title:	DSA-1460-1 postgresql-8.1 - several
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
Family:	unix	Class:	patch
Reference(s):	DSA-1460-1 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	postgresql-8.1
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND postgresql-8.1 DPKG is earlier than 0:8.1.11-0etch1

Definition Id: oval:org.mitre.oval:def:20998

Oval ID:	oval:org.mitre.oval:def:20998
Title:	RHSA-2013:0122: tcl security and bug fix update (Moderate)
Description:	Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0122-00 CESA-2013:0122 CVE-2007-4772 CVE-2007-6067	Version:	31
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	tcl
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section tcl-devel is earlier than 0:8.4.13-6.el5 AND tcl is earlier than 0:8.4.13-6.el5 AND tcl-html is earlier than 0:8.4.13-6.el5

Definition Id: oval:org.mitre.oval:def:21738

Oval ID:	oval:org.mitre.oval:def:21738
Title:	ELSA-2008:0038: postgresql security update (Moderate)
Description:	The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0038-01 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	29
Platform(s):	Oracle Linux 5	Product(s):	postgresql
Definition Synopsis:
Oracle Linux 5.x rpm test postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1

Definition Id: oval:org.mitre.oval:def:23371

Oval ID:	oval:org.mitre.oval:def:23371
Title:	ELSA-2013:0122: tcl security and bug fix update (Moderate)
Description:	Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0122-00 CVE-2007-4772 CVE-2007-6067	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	tcl
Definition Synopsis:
Oracle Linux 5.x rpm test tcl-devel is earlier than 0:8.4.13-6.el5 AND tcl is earlier than 0:8.4.13-6.el5 AND tcl-html is earlier than 0:8.4.13-6.el5

Definition Id: oval:org.mitre.oval:def:27239

Oval ID:	oval:org.mitre.oval:def:27239
Title:	DEPRECATED: ELSA-2013-0122 -- tcl security and bug fix update (moderate)
Description:	[8.4.13-6] - Fixed infinite loop in regex NFA optimization code Resolves: CVE-2007-4772 - Fixed O(N^2) compile time (and huge memory requirements) for some regexps Resolves: CVE-2007-6067 [8.4.13-5] - Threaded / nonthreaded versions of tcl are now switchable through alternatives Resolves: rhbz#478961
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0122 CVE-2007-4772 CVE-2007-6067	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	tcl
Definition Synopsis:
Oracle Linux 5.x Packages match section tcl is earlier than 0:8.4.13-6.el5 AND tcl-devel is earlier than 0:8.4.13-6.el5 AND tcl-html is earlier than 0:8.4.13-6.el5

Definition Id: oval:org.mitre.oval:def:7844

Oval ID:	oval:org.mitre.oval:def:7844
Title:	DSA-1460 postgresql-8.1 -- several vulnerabilities
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905. The old stable distribution (sarge), doesn't contain postgresql-8.1. For the stable distribution (etch), these problems have been fixed in version postgresql-8.1 8.1.11-0etch1. For the unstable distribution (sid), these problems have been fixed in version 8.2.6-1 of postgresql-8.2. We recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.
Family:	unix	Class:	patch
Reference(s):	DSA-1460 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	postgresql-8.1
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND postgresql-doc-8.1 is earlier than 8.1.11-0etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section postgresql-client-8.1 is earlier than 8.1.11-0etch1 AND postgresql-8.1 is earlier than 8.1.11-0etch1 AND postgresql-pltcl-8.1 is earlier than 8.1.11-0etch1 AND libecpg5 is earlier than 8.1.11-0etch1 AND postgresql-contrib-8.1 is earlier than 8.1.11-0etch1 AND postgresql-server-dev-8.1 is earlier than 8.1.11-0etch1 AND postgresql-plpython-8.1 is earlier than 8.1.11-0etch1 AND libecpg-dev is earlier than 8.1.11-0etch1 AND libpgtypes2 is earlier than 8.1.11-0etch1 AND libpq4 is earlier than 8.1.11-0etch1 AND libpq-dev is earlier than 8.1.11-0etch1 AND postgresql-plperl-8.1 is earlier than 8.1.11-0etch1 AND libecpg-compat2 is earlier than 8.1.11-0etch1

Definition Id: oval:org.mitre.oval:def:8199

Oval ID:	oval:org.mitre.oval:def:8199
Title:	DSA-1463 postgresql-7.4 -- several vulnerabilities
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905. For the old stable distribution (sarge), some of these problems have been fixed in version 7.4.7-6sarge6 of the postgresql package. Please note that the fix for CVE-2007-6600 and for the handling of regular expressions haven’t been backported due to the intrusiveness of the fix. We recommend to upgrade to the stable distribution if these vulnerabilities affect your setup. For the stable distribution (etch), these problems have been fixed in version 7.4.19-0etch1. The unstable distribution (sid) no longer contains postgres-7.4. We recommend that you upgrade your postgresql-7.4 packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1463 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	3
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 3.1	Product(s):	postgresql-7.4
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section postgresql-server-dev-7.4 is earlier than 7.4.19-0etch1 AND postgresql-doc-7.4 is earlier than 7.4.19-0etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section postgresql-7.4 is earlier than 7.4.19-0etch1 AND postgresql-plpython-7.4 is earlier than 7.4.19-0etch1 AND postgresql-contrib-7.4 is earlier than 7.4.19-0etch1 AND postgresql-client-7.4 is earlier than 7.4.19-0etch1 AND postgresql-plperl-7.4 is earlier than 7.4.19-0etch1 AND postgresql-pltcl-7.4 is earlier than 7.4.19-0etch1 OR Release section Debian GNU/Linux 3.1 is installed AND Architecture section Architecture independent section Installed architecture is all AND postgresql-doc is earlier than 7.4.7-6sarge6 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is m68k AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section libpgtcl is earlier than 7.4.7-6sarge6 AND postgresql is earlier than 7.4.7-6sarge6 AND libecpg4 is earlier than 7.4.7-6sarge6 AND postgresql-contrib is earlier than 7.4.7-6sarge6 AND libpq3 is earlier than 7.4.7-6sarge6 AND libecpg-dev is earlier than 7.4.7-6sarge6 AND libpgtcl-dev is earlier than 7.4.7-6sarge6 AND postgresql-dev is earlier than 7.4.7-6sarge6 AND postgresql-client is earlier than 7.4.7-6sarge6

Definition Id: oval:org.mitre.oval:def:9804

Oval ID:	oval:org.mitre.oval:def:9804
Title:	The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
Description:	The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-4769	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section postgresql is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-docs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-pl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-tcl is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-libs is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-contrib is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-python is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-test is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-jdbc is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-server is earlier than 0:7.4.19-1.el4_6.1 AND postgresql-devel is earlier than 0:7.4.19-1.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section postgresql is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-docs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-pl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-libs is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-contrib is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-python is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-test is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-server is earlier than 0:8.1.11-1.el5_1.1 AND postgresql-devel is earlier than 0:8.1.11-1.el5_1.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Postgresql cpe:2.3:a:postgresql:postgresql:8.2.5:::::::* cpe:2.3:a:postgresql:postgresql:8.2.4:::::::* cpe:2.3:a:postgresql:postgresql:8.2.3:::::::* cpe:2.3:a:postgresql:postgresql:8.2.2:::::::* cpe:2.3:a:postgresql:postgresql:8.2.1:::::::* cpe:2.3:a:postgresql:postgresql:8.2.0:::::::* cpe:2.3:a:postgresql:postgresql:8.2:::::::* cpe:2.3:a:postgresql:postgresql:8.1.9:::::::* cpe:2.3:a:postgresql:postgresql:8.1.8:::::::* cpe:2.3:a:postgresql:postgresql:8.1.7:::::::* cpe:2.3:a:postgresql:postgresql:8.1.6:::::::* cpe:2.3:a:postgresql:postgresql:8.1.5:::::::* cpe:2.3:a:postgresql:postgresql:8.1.4:::::::* cpe:2.3:a:postgresql:postgresql:8.1.3:::::::* cpe:2.3:a:postgresql:postgresql:8.1.23:::::::* cpe:2.3:a:postgresql:postgresql:8.1.22:::::::* cpe:2.3:a:postgresql:postgresql:8.1.21:::::::* cpe:2.3:a:postgresql:postgresql:8.1.20:::::::* cpe:2.3:a:postgresql:postgresql:8.1.2:::::::* cpe:2.3:a:postgresql:postgresql:8.1.19:::::::* cpe:2.3:a:postgresql:postgresql:8.1.18:::::::* cpe:2.3:a:postgresql:postgresql:8.1.17:::::::* cpe:2.3:a:postgresql:postgresql:8.1.16:::::::* cpe:2.3:a:postgresql:postgresql:8.1.15:::::::* cpe:2.3:a:postgresql:postgresql:8.1.14:::::::* cpe:2.3:a:postgresql:postgresql:8.1.13:::::::* cpe:2.3:a:postgresql:postgresql:8.1.12:::::::* cpe:2.3:a:postgresql:postgresql:8.1.11:::::::* cpe:2.3:a:postgresql:postgresql:8.1.10:::::::* cpe:2.3:a:postgresql:postgresql:8.1.1:::::::* cpe:2.3:a:postgresql:postgresql:8.1.0:::::::* cpe:2.3:a:postgresql:postgresql:8.1:::::::* cpe:2.3:a:postgresql:postgresql:8.0.9:::::::* cpe:2.3:a:postgresql:postgresql:8.0.8:::::::* cpe:2.3:a:postgresql:postgresql:8.0.7:::::::* cpe:2.3:a:postgresql:postgresql:8.0.6:::::::* cpe:2.3:a:postgresql:postgresql:8.0.5:::::::* cpe:2.3:a:postgresql:postgresql:8.0.4:::::::* cpe:2.3:a:postgresql:postgresql:8.0.317:::::::* cpe:2.3:a:postgresql:postgresql:8.0.3:::::::* cpe:2.3:a:postgresql:postgresql:8.0.26:::::::* cpe:2.3:a:postgresql:postgresql:8.0.25:::::::* cpe:2.3:a:postgresql:postgresql:8.0.24:::::::* cpe:2.3:a:postgresql:postgresql:8.0.23:::::::* cpe:2.3:a:postgresql:postgresql:8.0.22:::::::* cpe:2.3:a:postgresql:postgresql:8.0.21:::::::* cpe:2.3:a:postgresql:postgresql:8.0.20:::::::* cpe:2.3:a:postgresql:postgresql:8.0.2:::::::* cpe:2.3:a:postgresql:postgresql:8.0.19:::::::* cpe:2.3:a:postgresql:postgresql:8.0.18:::::::* cpe:2.3:a:postgresql:postgresql:8.0.17:::::::* cpe:2.3:a:postgresql:postgresql:8.0.16:::::::* cpe:2.3:a:postgresql:postgresql:8.0.15:::::::* cpe:2.3:a:postgresql:postgresql:8.0.14:::::::* cpe:2.3:a:postgresql:postgresql:8.0.13:::::::* cpe:2.3:a:postgresql:postgresql:8.0.12:::::::* cpe:2.3:a:postgresql:postgresql:8.0.11:::::::* cpe:2.3:a:postgresql:postgresql:8.0.10:::::::* cpe:2.3:a:postgresql:postgresql:8.0.1:::::::* cpe:2.3:a:postgresql:postgresql:8.0.0:::::::* cpe:2.3:a:postgresql:postgresql:8.0:::::::* cpe:2.3:a:postgresql:postgresql:7.4.9:::::::* cpe:2.3:a:postgresql:postgresql:7.4.8:::::::* cpe:2.3:a:postgresql:postgresql:7.4.7:::::::* cpe:2.3:a:postgresql:postgresql:7.4.6:::::::* cpe:2.3:a:postgresql:postgresql:7.4.5:::::::* cpe:2.3:a:postgresql:postgresql:7.4.4:::::::* cpe:2.3:a:postgresql:postgresql:7.4.30:::::::* cpe:2.3:a:postgresql:postgresql:7.4.3:::::::* cpe:2.3:a:postgresql:postgresql:7.4.29:::::::* cpe:2.3:a:postgresql:postgresql:7.4.28:::::::* cpe:2.3:a:postgresql:postgresql:7.4.27:::::::* cpe:2.3:a:postgresql:postgresql:7.4.26:::::::* cpe:2.3:a:postgresql:postgresql:7.4.25:::::::* cpe:2.3:a:postgresql:postgresql:7.4.24:::::::* cpe:2.3:a:postgresql:postgresql:7.4.23:::::::* cpe:2.3:a:postgresql:postgresql:7.4.22:::::::* cpe:2.3:a:postgresql:postgresql:7.4.21:::::::* cpe:2.3:a:postgresql:postgresql:7.4.20:::::::* cpe:2.3:a:postgresql:postgresql:7.4.2:::::::* cpe:2.3:a:postgresql:postgresql:7.4.19:::::::* cpe:2.3:a:postgresql:postgresql:7.4.18:::::::* cpe:2.3:a:postgresql:postgresql:7.4.17:::::::* cpe:2.3:a:postgresql:postgresql:7.4.16:::::::* cpe:2.3:a:postgresql:postgresql:7.4.15:::::::* cpe:2.3:a:postgresql:postgresql:7.4.14:::::::* cpe:2.3:a:postgresql:postgresql:7.4.13:::::::* cpe:2.3:a:postgresql:postgresql:7.4.12:::::::* cpe:2.3:a:postgresql:postgresql:7.4.11:::::::* cpe:2.3:a:postgresql:postgresql:7.4.10:::::::* cpe:2.3:a:postgresql:postgresql:7.4.1:::::::* cpe:2.3:a:postgresql:postgresql:7.4:::::::* cpe:2.3:a:postgresql:postgresql:7.3.9:::::::* cpe:2.3:a:postgresql:postgresql:7.3.8:::::::* cpe:2.3:a:postgresql:postgresql:7.3.7:::::::* cpe:2.3:a:postgresql:postgresql:7.3.6:::::::* cpe:2.3:a:postgresql:postgresql:7.3.5:::::::* cpe:2.3:a:postgresql:postgresql:7.3.4:::::::* cpe:2.3:a:postgresql:postgresql:7.3.3:::::::* cpe:2.3:a:postgresql:postgresql:7.3.21:::::::* cpe:2.3:a:postgresql:postgresql:7.3.20:::::::* cpe:2.3:a:postgresql:postgresql:7.3.2:::::::* cpe:2.3:a:postgresql:postgresql:7.3.19:::::::* cpe:2.3:a:postgresql:postgresql:7.3.18:::::::* cpe:2.3:a:postgresql:postgresql:7.3.17:::::::* cpe:2.3:a:postgresql:postgresql:7.3.16:::::::* cpe:2.3:a:postgresql:postgresql:7.3.15:::::::* cpe:2.3:a:postgresql:postgresql:7.3.14:::::::* cpe:2.3:a:postgresql:postgresql:7.3.13:::::::* cpe:2.3:a:postgresql:postgresql:7.3.12:::::::* cpe:2.3:a:postgresql:postgresql:7.3.11:::::::* cpe:2.3:a:postgresql:postgresql:7.3.10:::::::* cpe:2.3:a:postgresql:postgresql:7.3.1:::::::* cpe:2.3:a:postgresql:postgresql:7.3.0:::::::* cpe:2.3:a:postgresql:postgresql:7.3:::::::* cpe:2.3:a:postgresql:postgresql:7.2.8:::::::* cpe:2.3:a:postgresql:postgresql:7.2.7:::::::* cpe:2.3:a:postgresql:postgresql:7.2.6:::::::* cpe:2.3:a:postgresql:postgresql:7.2.5:::::::* cpe:2.3:a:postgresql:postgresql:7.2.4:::::::* cpe:2.3:a:postgresql:postgresql:7.2.3:::::::* cpe:2.3:a:postgresql:postgresql:7.2.2:::::::* cpe:2.3:a:postgresql:postgresql:7.2.1:::::::* cpe:2.3:a:postgresql:postgresql:7.2:::::::* cpe:2.3:a:postgresql:postgresql:7.1.3:::::::* cpe:2.3:a:postgresql:postgresql:7.1.2:::::::* cpe:2.3:a:postgresql:postgresql:7.1.1:::::::* cpe:2.3:a:postgresql:postgresql:7.1:::::::* cpe:2.3:a:postgresql:postgresql:7.0.3:::::::* cpe:2.3:a:postgresql:postgresql:7.0.2:::::::* cpe:2.3:a:postgresql:postgresql:7.0.1:::::::* cpe:2.3:a:postgresql:postgresql:7.0:::::::* cpe:2.3:a:postgresql:postgresql:6.5.3.1:::::::* cpe:2.3:a:postgresql:postgresql:6.5.3:::::::* cpe:2.3:a:postgresql:postgresql:6.5.2:::::::* cpe:2.3:a:postgresql:postgresql:6.5.1:::::::* cpe:2.3:a:postgresql:postgresql:6.5.0:::::::* cpe:2.3:a:postgresql:postgresql:6.5:::::::* cpe:2.3:a:postgresql:postgresql:6.4.2:::::::* cpe:2.3:a:postgresql:postgresql:6.4.1:::::::* cpe:2.3:a:postgresql:postgresql:6.4:::::::* cpe:2.3:a:postgresql:postgresql:6.3.2:::::::* cpe:2.3:a:postgresql:postgresql:6.3.1:::::::* cpe:2.3:a:postgresql:postgresql:6.3:::::::* cpe:2.3:a:postgresql:postgresql:6.2.1:::::::* cpe:2.3:a:postgresql:postgresql:6.2:::::::* cpe:2.3:a:postgresql:postgresql:6.1.1:::::::* cpe:2.3:a:postgresql:postgresql:6.1:::::::* cpe:2.3:a:postgresql:postgresql:6.0:::::::* cpe:2.3:a:postgresql:postgresql:1.09:::::::* cpe:2.3:a:postgresql:postgresql:1.08:::::::* cpe:2.3:a:postgresql:postgresql:1.02:::::::* cpe:2.3:a:postgresql:postgresql:1.01:::::::* cpe:2.3:a:postgresql:postgresql:1.0:::::::* cpe:2.3:a:postgresql:postgresql:::::::: cpe:2.3:a:postgresql:postgresql:-:::::debian:: cpe:2.3:a:postgresql:postgresql:-:::::ubuntu:: cpe:2.3:a:postgresql:postgresql:-:::::::*	158
Application	Tcl Tcl/Tk cpe:2.3:a:tcl:tcl/tk::::::::	1
Application	Tcl Tk cpe:2.3:a:tcl_tk:tcl_tk:8.4b2:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4b1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4a4:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4a3:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4a2:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.9:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.8:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.7:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.6:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.5:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.4:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.3:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.2:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.16:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.15:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.14:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.13:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.12:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.11:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.10:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.4.0:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.3.5:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.3.4:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.3.3:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.3.2:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.3.1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.3.0:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.2.3:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.2.2:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.2.1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.2.0:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.1.1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.0p2:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.0.5:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.0.4:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.0.3:::::::* cpe:2.3:a:tcl_tk:tcl_tk:8.0:::::::* cpe:2.3:a:tcl_tk:tcl_tk:7.6p2:::::::* cpe:2.3:a:tcl_tk:tcl_tk:7.6:::::::* cpe:2.3:a:tcl_tk:tcl_tk:7.5p1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:7.5:::::::* cpe:2.3:a:tcl_tk:tcl_tk:7.4:::::::* cpe:2.3:a:tcl_tk:tcl_tk:7.3:::::::* cpe:2.3:a:tcl_tk:tcl_tk:7.1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:7.0:::::::* cpe:2.3:a:tcl_tk:tcl_tk:6.7:::::::* cpe:2.3:a:tcl_tk:tcl_tk:6.6:::::::* cpe:2.3:a:tcl_tk:tcl_tk:6.5:::::::* cpe:2.3:a:tcl_tk:tcl_tk:6.4:::::::* cpe:2.3:a:tcl_tk:tcl_tk:6.2:::::::* cpe:2.3:a:tcl_tk:tcl_tk:6.1p1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:6.1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:4.0p1:::::::* cpe:2.3:a:tcl_tk:tcl_tk:3.3:::::::* cpe:2.3:a:tcl_tk:tcl_tk:2.1:::::::*	57
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::	4
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:4.0:::::::* cpe:2.3:o:debian:debian_linux:3.1:::::::*	2
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:8:::::::* cpe:2.3:o:fedoraproject:fedora:7:::::::*	2

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for rh-postgresql CESA-2009:1485 centos3 i386 File : nvt/gb_CESA-2009_1485_rh-postgresql_centos3_i386.nasl
2011-08-09	Name : CentOS Update for postgresql CESA-2009:1484 centos5 i386 File : nvt/gb_CESA-2009_1484_postgresql_centos5_i386.nasl
2011-08-09	Name : CentOS Update for postgresql CESA-2009:1484 centos4 i386 File : nvt/gb_CESA-2009_1484_postgresql_centos4_i386.nasl
2009-12-30	Name : FreeBSD Ports: postgresql-client, postgresql-server File : nvt/freebsd_postgresql-client.nasl
2009-12-14	Name : Mandriva Security Advisory MDVSA-2009:251-1 (postgresql8.2) File : nvt/mdksa_2009_251_1.nasl
2009-10-13	Name : RedHat Security Advisory RHSA-2009:1484 File : nvt/RHSA_2009_1484.nasl
2009-10-13	Name : SLES10: Security update for PostgreSQL File : nvt/sles10_postgresql1.nasl
2009-10-13	Name : CentOS Security Advisory CESA-2009:1485 (postgresql) File : nvt/ovcesa2009_1485.nasl
2009-10-13	Name : CentOS Security Advisory CESA-2009:1484 (postgresql) File : nvt/ovcesa2009_1484.nasl
2009-10-13	Name : RedHat Security Advisory RHSA-2009:1485 File : nvt/RHSA_2009_1485.nasl
2009-10-10	Name : SLES9: Security update for postgresql File : nvt/sles9p5021809.nasl
2009-09-28	Name : Ubuntu USN-834-1 (postgresql-8.3) File : nvt/ubuntu_834_1.nasl
2009-09-28	Name : RedHat Security Advisory RHSA-2009:1461 File : nvt/RHSA_2009_1461.nasl
2009-09-15	Name : Fedora Core 10 FEDORA-2009-9474 (postgresql) File : nvt/fcore_2009_9474.nasl
2009-09-15	Name : Fedora Core 11 FEDORA-2009-9473 (postgresql) File : nvt/fcore_2009_9473.nasl
2009-04-09	Name : Mandriva Update for tcl MDVSA-2008:059 (tcl) File : nvt/gb_mandriva_MDVSA_2008_059.nasl
2009-04-09	Name : Mandriva Update for postgresql MDVSA-2008:004 (postgresql) File : nvt/gb_mandriva_MDVSA_2008_004.nasl
2009-04-09	Name : Mandriva Update for postgresql MDKSA-2007:188 (postgresql) File : nvt/gb_mandriva_MDKSA_2007_188.nasl
2009-03-23	Name : Ubuntu Update for postgresql vulnerabilities USN-568-1 File : nvt/gb_ubuntu_USN_568_1.nasl
2009-03-06	Name : RedHat Update for postgresql RHSA-2008:0038-01 File : nvt/gb_RHSA-2008_0038-01_postgresql.nasl
2009-03-06	Name : RedHat Update for postgresql RHSA-2008:0039-01 File : nvt/gb_RHSA-2008_0039-01_postgresql.nasl
2009-03-06	Name : RedHat Update for tcltk RHSA-2008:0134-01 File : nvt/gb_RHSA-2008_0134-01_tcltk.nasl
2009-02-27	Name : CentOS Update for postgresql CESA-2008:0038 centos4 x86_64 File : nvt/gb_CESA-2008_0038_postgresql_centos4_x86_64.nasl
2009-02-27	Name : CentOS Update for expect CESA-2008:0134 centos3 x86_64 File : nvt/gb_CESA-2008_0134_expect_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for expect CESA-2008:0134 centos3 i386 File : nvt/gb_CESA-2008_0134_expect_centos3_i386.nasl
2009-02-27	Name : CentOS Update for tcltk CESA-2008:0134-01 centos2 i386 File : nvt/gb_CESA-2008_0134-01_tcltk_centos2_i386.nasl
2009-02-27	Name : CentOS Update for rh-postgresql CESA-2008:0039 centos3 x86_64 File : nvt/gb_CESA-2008_0039_rh-postgresql_centos3_x86_64.nasl
2009-02-27	Name : CentOS Update for rh-postgresql CESA-2008:0039 centos3 i386 File : nvt/gb_CESA-2008_0039_rh-postgresql_centos3_i386.nasl
2009-02-27	Name : CentOS Update for postgresql CESA-2008:0038 centos4 i386 File : nvt/gb_CESA-2008_0038_postgresql_centos4_i386.nasl
2009-02-17	Name : Fedora Update for postgresql FEDORA-2008-0552 File : nvt/gb_fedora_2008_0552_postgresql_fc7.nasl
2009-02-17	Name : Fedora Update for postgresql FEDORA-2008-0478 File : nvt/gb_fedora_2008_0478_postgresql_fc8.nasl
2009-01-23	Name : SuSE Update for postgresql SUSE-SA:2008:005 File : nvt/gb_suse_2008_005.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200801-15 (postgresql) File : nvt/glsa_200801_15.nasl
2008-09-04	Name : FreeBSD Ports: postgresql, postgresql-server File : nvt/freebsd_postgresql4.nasl
2008-01-31	Name : Debian Security Advisory DSA 1463-1 (postgresql-7.4) File : nvt/deb_1463_1.nasl
2008-01-31	Name : Debian Security Advisory DSA 1460-1 (postgresql-8.1) File : nvt/deb_1460_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
40906	TCL in PostgreSQL Out-of-bounds Backref Number Remote DoS
40905	TCL in PostgreSQL Crafted Regexp Infinite Loop Remote DoS
40904	PostgreSQL Multiple Operation Remote Privilege Escalation
40903	PostgreSQL DBLink Module Unspecified Remote Privilege Escalation
40902	TCL in PostgreSQL Regular Expression Parser Crafted Doubly-nested State Regex...
40899	PostgreSQL dblink host Variable Crafted Localhost Proxy Remote Privilege Esca...

Nessus® Vulnerability Scanner

Date	Description
2016-03-08	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0677-1.nasl - Type : ACT_GATHER_INFO
2016-02-26	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-271.nasl - Type : ACT_GATHER_INFO
2016-02-25	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0555-1.nasl - Type : ACT_GATHER_INFO
2016-02-24	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-253.nasl - Type : ACT_GATHER_INFO
2016-02-23	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0539-1.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0122.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0134.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_tcl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0122.nasl - Type : ACT_GATHER_INFO
2013-01-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0122.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080111_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080221_tcltk_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091007_postgresql_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2009-12-17	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e7bc5600eaa011debd9c00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2009-12-16	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-333.nasl - Type : ACT_GATHER_INFO
2009-10-08	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1485.nasl - Type : ACT_GATHER_INFO
2009-10-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1484.nasl - Type : ACT_GATHER_INFO
2009-10-02	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-251.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12065.nasl - Type : ACT_GATHER_INFO
2009-09-22	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-834-1.nasl - Type : ACT_GATHER_INFO
2009-09-14	Name : The remote Fedora host is missing a security update. File : fedora_2009-9474.nasl - Type : ACT_GATHER_INFO
2009-09-14	Name : The remote Fedora host is missing a security update. File : fedora_2009-9473.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0009.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-059.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-004.nasl - Type : ACT_GATHER_INFO
2008-04-28	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_51436b4c125011ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-02-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0134.nasl - Type : ACT_GATHER_INFO
2008-02-25	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0134.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote openSUSE host is missing a security update. File : suse_postgresql-4955.nasl - Type : ACT_GATHER_INFO
2008-02-06	Name : The remote openSUSE host is missing a security update. File : suse_postgresql-4958.nasl - Type : ACT_GATHER_INFO
2008-02-06	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-4962.nasl - Type : ACT_GATHER_INFO
2008-01-29	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200801-15.nasl - Type : ACT_GATHER_INFO
2008-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-568-1.nasl - Type : ACT_GATHER_INFO
2008-01-15	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1463.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1460.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0038.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Fedora host is missing a security update. File : fedora_2008-0478.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote Fedora host is missing a security update. File : fedora_2008-0552.nasl - Type : ACT_GATHER_INFO
2008-01-14	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0039.nasl - Type : ACT_GATHER_INFO
2007-09-26	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-188.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	7
Oval ID(s)	15
CPE ID(s)	224
osvdb(s)	6
Openvas Exploit(s)	36
Nessus® Exploit(s)	48

	Related
7.2	CVE-2007-6601
6.9	CVE-2007-3278
6.8	CVE-2007-6067
6.8	CVE-2007-4769
6.5	CVE-2007-6600
4	CVE-2007-4772
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)