CVE-2007-0556 - Unspecified vulnerability in PostgreSQL
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
postgresql
nessus
Summary
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
Vulnerable Configurations
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200703-15.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200703-15 (PostgreSQL: Multiple vulnerabilities) PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Impact : A remote authenticated attacker could send specially crafted queries to the server that could result in a server crash and possibly the unauthorized reading of some database content or arbitrary memory. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24840
- published: 2007-03-18
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24840
- title: GLSA-200703-15 : PostgreSQL: Multiple vulnerabilities
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200703-15.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(24840);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:44");

  script_cve_id("CVE-2007-0555", "CVE-2007-0556");
  script_bugtraq_id(22387);
  script_xref(name:"GLSA", value:"200703-15");

  script_name(english:"GLSA-200703-15 : PostgreSQL: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"The remote host is affected by the vulnerability described in GLSA-200703-15 (PostgreSQL: Multiple vulnerabilities) PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Impact : A remote authenticated attacker could send specially crafted queries to the server that could result in a server crash and possibly the unauthorized reading of some database content or arbitrary memory. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200703-15"
  );
  script_set_attribute(
    attribute:"solution",
    value:"All PostgreSQL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose 'dev-db/postgresql'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:postgresql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/18");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"dev-db/postgresql", unaffected:make_list("ge 8.0.11", "rge 7.4.17", "rge 7.4.16", "rge 7.3.19", "rge 7.3.13", "rge 7.3.21", "rge 7.4.19"), vulnerable:make_list("lt 8.0.11"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PostgreSQL");
}
```

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-417-1.NASL
- description: Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 28007
- published: 2007-11-10
- reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/28007
- title: Ubuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-417-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(28007);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:33:01");

  script_cve_id("CVE-2007-0555", "CVE-2007-0556");
  script_xref(name:"USN", value:"417-1");

  script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. (CVE-2007-0555) Jeff Trout reported that the query planner did not verify that a table was still compatible with a previously made query plan. By using ALTER COLUMN TYPE during query execution, an attacker could exploit this to read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. (CVE-2007-0556). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/417-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libecpg5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpgtypes2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpq-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpq3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpq4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-7.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-7.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-7.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-7.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-7.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-7.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-7.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-7.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"5.10", pkgname:"libecpg-compat2", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libecpg-dev", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libecpg5", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libpgtypes2", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libpq-dev", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libpq3", pkgver:"7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libpq4", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-7.4", pkgver:"1:7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-client-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-client-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-contrib-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-contrib-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-doc-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-doc-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-plperl-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-plperl-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-plpython-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-plpython-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-pltcl-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-pltcl-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-server-dev-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"postgresql-server-dev-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libecpg-compat2", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libecpg-dev", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libecpg5", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libpgtypes2", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libpq-dev", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libpq4", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"postgresql-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"postgresql-client-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"postgresql-contrib-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"postgresql-doc-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"postgresql-plperl-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"postgresql-plpython-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"postgresql-pltcl-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"postgresql-server-dev-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libecpg-compat2", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libecpg-dev", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libecpg5", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libpgtypes2", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libpq-dev", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libpq4", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"postgresql-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"postgresql-client-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"postgresql-contrib-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"postgresql-doc-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"postgresql-plperl-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"postgresql-plpython-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"postgresql-pltcl-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"postgresql-server-dev-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libecpg-compat2 / libecpg-dev / libecpg5 / libpgtypes2 / libpq-dev / etc");
}
```

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2007-0068.NASL
- description: Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556). Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542). Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25315
- published: 2007-05-25
- reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/25315
- title: RHEL 5 : postgresql (RHSA-2007:0068)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0068. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25315);
  script_version ("1.23");
  script_cvs_date("Date: 2019/10/25 13:36:12");

  script_cve_id("CVE-2006-5540", "CVE-2006-5541", "CVE-2006-5542", "CVE-2007-0555", "CVE-2007-0556");
  script_bugtraq_id(22387);
  script_xref(name:"RHSA", value:"2007:0068");

  script_name(english:"RHEL 5 : postgresql (RHSA-2007:0068)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556). Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542). Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-5540"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-5541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2006-5542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-0555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-0556"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2007:0068"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-pl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-test");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/03/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2007:0068";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-contrib-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-contrib-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-contrib-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"postgresql-devel-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-docs-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-docs-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-docs-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"postgresql-libs-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-pl-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-pl-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-pl-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-python-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-python-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-python-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-server-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-server-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-server-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-tcl-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-tcl-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-tcl-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-test-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-test-8.1.8-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-test-8.1.8-1.el5")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-devel / etc");
  }
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2007-198.NASL
- description:
  - Sun Feb 4 2007 Tom Lane <tgl at redhat.com> 8.1.7-1
    - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555, CVE-2007-0556 Related: #225496
  - Wed Jan 10 2007 Tom Lane <tgl at redhat.com> 8.1.6-1
    - Update to PostgreSQL 8.1.6
  - Mon Dec 11 2006 Tom Lane <tgl at redhat.com> 8.1.5-1
    - Update to PostgreSQL 8.1.5
    - Update to PyGreSQL 3.8.1
    - Adjust init script to not fool /etc/rc.d/rc Resolves: #161470
    - Fix chcon arguments in test/regress/Makefile Resolves: #201035

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24302
- published: 2007-02-09
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24302
- title: Fedora Core 5 : postgresql-8.1.7-1.fc5 (2007-198)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE9_11509.NASL
- description: This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. (CVE-2007-0555 CVE-2007-0556)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41132
- published: 2009-09-24
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41132
- title: SuSE9 Security Update : PostgreSQL (YOU Patch Number 11509)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-417-2.NASL
- description: USN-417-1 fixed several vulnerabilities in the PostgreSQL server. Unfortunately this update had a regression that caused some valid queries to be aborted with a type error. This update corrects that problem. We apologize for the inconvenience. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 28008
- published: 2007-11-10
- reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/28008
- title: Ubuntu 6.06 LTS / 6.10 : postgresql-8.1 regression (USN-417-2)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2007-197.NASL
- description:
  - Sun Feb 4 2007 Tom Lane <tgl at redhat.com> 8.1.7-1
    - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555, CVE-2007-0556 Related: #225496

  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24301
- published: 2007-02-09
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24301
- title: Fedora Core 6 : postgresql-8.1.7-1.fc6 (2007-197)

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2007-037.NASL
- description: Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24650
- published: 2007-02-18
- reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/24650
- title: Mandrake Linux Security Advisory : postgresql (MDKSA-2007:037-1)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_POSTGRESQL-3244.NASL
- description: This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. (CVE-2007-0555 / CVE-2007-0556)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 29558
- published: 2007-12-13
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/29558
- title: SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 3244)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_POSTGRESQL-3243.NASL
- description: This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. (CVE-2007-0555, CVE-2007-0556)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27401
- published: 2007-10-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27401
- title: openSUSE 10 Security Update : postgresql (postgresql-3243)

Oval
accepted | 2013-04-29T04:13:28.441-04:00
class | vulnerability
contributors |
definition_extensions |
description | The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
family | unix
id | oval:org.mitre.oval:def:11353
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
version | 18
References
- http://fedoranews.org/cms/node/2554
- http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
- http://osvdb.org/33302
- http://secunia.com/advisories/24028
- http://secunia.com/advisories/24033
- http://secunia.com/advisories/24042
- http://secunia.com/advisories/24050
- http://secunia.com/advisories/24057
- http://secunia.com/advisories/24151
- http://secunia.com/advisories/24315
- http://secunia.com/advisories/24513
- http://secunia.com/advisories/24577
- http://secunia.com/advisories/25220
- http://security.gentoo.org/glsa/glsa-200703-15.xml
- http://securitytracker.com/id?1017597
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:037
- http://www.novell.com/linux/security/advisories/2007_10_sr.html
- http://www.postgresql.org/support/security
- http://www.redhat.com/support/errata/RHSA-2007-0067.html
- http://www.redhat.com/support/errata/RHSA-2007-0068.html
- http://www.securityfocus.com/archive/1/459280/100/0/threaded
- http://www.securityfocus.com/archive/1/459448/100/0/threaded
- http://www.securityfocus.com/bid/22387
- http://www.trustix.org/errata/2007/0007
- http://www.ubuntu.com/usn/usn-417-2
- http://www.vupen.com/english/advisories/2007/0478
- http://www.vupen.com/english/advisories/2007/0774
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32191
- https://issues.rpath.com/browse/RPL-1025
- https://issues.rpath.com/browse/RPL-830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353
- https://usn.ubuntu.com/417-1/