Vulnerabilities > CVE-2007-0556 - Information Disclosure and Denial of Service vulnerability in PostgreSQL

047910
CVSS 6.6 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
COMPLETE
network
high complexity
postgresql
nessus

Summary

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

Vulnerable Configurations

Part Description Count
Application
Postgresql
92

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200703-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200703-15 (PostgreSQL: Multiple vulnerabilities) PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Impact : A remote authenticated attacker could send specially crafted queries to the server that could result in a server crash and possibly the unauthorized reading of some database content or arbitrary memory. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id24840
    published2007-03-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24840
    titleGLSA-200703-15 : PostgreSQL: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200703-15.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration branch: when the scanner loads the plugin with `description`
    # set, only the metadata below is declared and the script exits (exit(0) at
    # the end of the branch) before any host check runs.
    if (description)
    {
      script_id(24840);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      # One plugin covers both CVEs, so a finding does not tell which of the
      # two flaws is present on the host.
      script_cve_id("CVE-2007-0555", "CVE-2007-0556");
      script_bugtraq_id(22387);
      script_xref(name:"GLSA", value:"200703-15");
    
      script_name(english:"GLSA-200703-15 : PostgreSQL: Multiple vulnerabilities");
      # The check is a lookup in the Portage package database, not a probe of
      # the running PostgreSQL service.
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # Advisory text reproduced from the GLSA; the multi-line literal is kept
      # exactly as extracted, including its embedded indentation.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200703-15
    (PostgreSQL: Multiple vulnerabilities)
    
        PostgreSQL does not correctly check the data types of the SQL function
        arguments under unspecified circumstances nor the format of the
        provided tables in the query planner.
      
    Impact :
    
        A remote authenticated attacker could send specially crafted queries to
        the server that could result in a server crash and possibly the
        unauthorized reading of some database content or arbitrary memory.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200703-15"
      );
      # Remediation is a package upgrade; the advisory text above states that
      # no workaround is known.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All PostgreSQL users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose 'dev-db/postgresql'"
      );
      # NOTE(review): this base vector uses AC:L, while the advisory page that
      # carries this listing rates CVE-2007-0556 at high attack complexity
      # (CVSS 6.6). Presumably the plugin scores the worst case across the two
      # CVEs it covers - confirm before using the vector to prioritise
      # CVE-2007-0556 on its own. Au:S matches the "authenticated" precondition
      # in the advisory text.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C");
      # Temporal metrics: E:U (exploitability unproven), RL:OF (official fix),
      # RC:C (report confirmed).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the result is derived from data gathered on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/18");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # The plugin depends on ssh_get_info.nasl and on the three KB keys below;
      # without credentialed local checks on a Gentoo host there is no result
      # at all, which must not be read as "patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: each audit() call is expected to end the run with the given
    # reason (audit() comes from audit.inc, not shown here), so the package
    # comparison is reached only when local checks are enabled, the host is
    # recorded as Gentoo, and an installed-package list is present in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    # Single version comparison for dev-db/postgresql: "lt 8.0.11" is the
    # vulnerable range; "ge 8.0.11" and the listed "rge" entries are treated as
    # unaffected. The rge entries presumably mark patched revisions on the 7.3
    # and 7.4 branches (GLSA range syntax; the operator handling lives in
    # qpkg.inc, not shown).
    # NOTE(review): because everything >= 8.0.11 counts as unaffected, an
    # 8.1.x or 8.2.x package older than the fixed 8.1.7 / 8.2.2 releases named
    # in the CVE summary would not be flagged by this line - verify against the
    # GLSA if such versions could be installed on the host.
    if (qpkg_check(package:"dev-db/postgresql", unaffected:make_list("ge 8.0.11", "rge 7.4.17", "rge 7.4.16", "rge 7.3.19", "rge 7.3.13", "rge 7.3.21", "rge 7.4.19"), vulnerable:make_list("lt 8.0.11"))) flag++;
    
    if (flag)
    {
      # port 0: the finding is reported with port 0 rather than a service port.
      # The package detail is attached only when report_verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No vulnerable package matched: distinguish "package compared and not
      # affected" from "package not installed" based on what qpkg_tests_get()
      # returns.
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PostgreSQL");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-417-1.NASL
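    descriptionJeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. (CVE-2007-0555) Jeff Trout reported that the query planner did not verify that a table was still compatible with a previously made query plan. By using ALTER COLUMN TYPE during query execution, an attacker could exploit this to read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. (CVE-2007-0556).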
    last seen2020-06-01
    modified2020-06-02
    plugin id28007
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28007
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-417-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when the scanner loads the plugin with `description`
    # set, only the metadata below is declared and the script exits (exit(0) at
    # the end of the branch) before any host check runs.
    if (description)
    {
      script_id(28007);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      # One plugin covers both CVEs, so a finding does not tell which of the
      # two flaws is present on the host.
      script_cve_id("CVE-2007-0555", "CVE-2007-0556");
      script_xref(name:"USN", value:"417-1");
    
      script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)");
      # The check compares dpkg package versions; it does not probe the
      # running PostgreSQL service.
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      # Advisory text reproduced from USN-417-1. Both issues are described as
      # requiring an authenticated attacker.
      script_set_attribute(
        attribute:"description", 
        value:
    "Jeff Trout discovered that the PostgreSQL server did not sufficiently
    check data types of SQL function arguments in some cases. An
    authenticated attacker could exploit this to crash the database server
    or read out arbitrary locations in the server's memory, which could
    allow retrieving database content the attacker should not be able to
    see. (CVE-2007-0555)
    
    Jeff Trout reported that the query planner did not verify that a table
    was still compatible with a previously made query plan. By using ALTER
    COLUMN TYPE during query execution, an attacker could exploit this to
    read out arbitrary locations in the server's memory, which could allow
    retrieving database content the attacker should not be able to see.
    (CVE-2007-0556).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/417-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): this base vector uses AC:L, while the advisory page that
      # carries this listing rates CVE-2007-0556 at high attack complexity
      # (CVSS 6.6). Presumably the plugin scores the worst case across the two
      # CVEs it covers - confirm before using the vector to prioritise
      # CVE-2007-0556 on its own. No temporal vector or exploit_available
      # attribute is set in this branch.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C");
    
      # "local": the result is derived from data gathered on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # The CPE list names client libraries, -dev, -doc and procedural-language
      # packages as well as the postgresql-7.4/-8.0/-8.1 server packages.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libecpg5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpgtypes2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpq-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpq3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpq4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-7.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-7.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-7.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-7.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-7.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-7.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-7.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-7.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
    
      # The plugin was published several months after the patch date below.
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # The plugin depends on ssh_get_info.nasl and on the KB keys below;
      # without credentialed local checks on an Ubuntu host there is no result
      # at all, which must not be read as "patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Preconditions: each audit() call is expected to end the run with the given
    # reason (audit() comes from audit.inc, not shown here).
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Anchored match: only releases 5.10, 6.06 and 6.10 continue. Any other
    # release audits out as "OS not ..." - that outcome means the host was out
    # of scope for this plugin, not that it was found patched.
    if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: the run continues only when the cpu string contains
    # "x86_64" or matches i386-i686; other architectures end with "local checks
    # not implemented" and therefore produce no finding either way.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Counts how many of the package comparisons below reported a hit.
    flag = 0;
    
    # One comparison per (release, package). pkgver is the reference version
    # taken from USN-417-1; ubuntu_check() is defined in ubuntu.inc (not shown)
    # and presumably reports a hit when the installed package is older than
    # pkgver - confirm against that include.
    # NOTE(review): the list includes client libraries, -dev and -doc packages,
    # so a host can be flagged without a PostgreSQL server package installed;
    # the flaws described in the advisory are in the server. Check which
    # packages matched before rating exposure.
    # NOTE(review): the advisory page carrying this listing also lists
    # USN-417-2, which corrects a regression in the USN-417-1 update for
    # 6.06 LTS / 6.10; the versions below are the USN-417-1 ones.
    #
    # Ubuntu 5.10: both the 7.4 and 8.0 package sets are checked. libpq3 is
    # compared against the 7.4 version and libpq4 against the 8.0 version;
    # postgresql-7.4 carries an epoch prefix ("1:") in its reference version.
    if (ubuntu_check(osver:"5.10", pkgname:"libecpg-compat2", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libecpg-dev", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libecpg5", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libpgtypes2", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libpq-dev", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libpq3", pkgver:"7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libpq4", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-7.4", pkgver:"1:7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-client-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-client-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-contrib-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-contrib-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-doc-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-doc-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-plperl-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-plperl-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-plpython-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-plpython-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-pltcl-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-pltcl-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-server-dev-7.4", pkgver:"7.4.8-17ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"postgresql-server-dev-8.0", pkgver:"8.0.3-15ubuntu2.3")) flag++;
    # Ubuntu 6.06 LTS: only the 8.1 package set is checked.
    if (ubuntu_check(osver:"6.06", pkgname:"libecpg-compat2", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libecpg-dev", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libecpg5", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libpgtypes2", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libpq-dev", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libpq4", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"postgresql-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"postgresql-client-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"postgresql-contrib-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"postgresql-doc-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"postgresql-plperl-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"postgresql-plpython-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"postgresql-pltcl-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"postgresql-server-dev-8.1", pkgver:"8.1.4-0ubuntu1.2")) flag++;
    # Ubuntu 6.10: same 8.1 package set, with this release's own version string.
    if (ubuntu_check(osver:"6.10", pkgname:"libecpg-compat2", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libecpg-dev", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libecpg5", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libpgtypes2", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libpq-dev", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"libpq4", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"postgresql-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"postgresql-client-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"postgresql-contrib-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"postgresql-doc-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"postgresql-plperl-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"postgresql-plpython-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"postgresql-pltcl-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"postgresql-server-dev-8.1", pkgver:"8.1.4-7ubuntu0.2")) flag++;
    
    # Reporting: a non-zero flag (set by the package comparisons earlier in the
    # script) produces one SECURITY_HOLE finding with port 0 and the package
    # detail from ubuntu_report_get() attached.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: distinguish "packages compared and not affected" from "none of
      # the listed packages installed" based on what ubuntu_pkg_tests_get()
      # returns. Both outcomes are audit messages, not findings.
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libecpg-compat2 / libecpg-dev / libecpg5 / libpgtypes2 / libpq-dev / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0068.NASL
    descriptionUpdated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556). Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542). Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25315
    published2007-05-25
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25315
    titleRHEL 5 : postgresql (RHSA-2007:0068)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0068. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: when the scanner loads the plugin with `description`
    # set, only the metadata below is declared and the script exits (exit(0) at
    # the end of the branch) before any host check runs.
    if (description)
    {
      script_id(25315);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      # Five CVEs are bundled in this advisory; a finding does not tell which
      # of them applies to the host.
      script_cve_id("CVE-2006-5540", "CVE-2006-5541", "CVE-2006-5542", "CVE-2007-0555", "CVE-2007-0556");
      script_bugtraq_id(22387);
      script_xref(name:"RHSA", value:"2007:0068");
    
      script_name(english:"RHEL 5 : postgresql (RHSA-2007:0068)");
      # The check compares installed rpm versions; it does not probe the
      # running PostgreSQL service.
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text reproduced from RHSA-2007:0068. For triage, note two
      # statements in it: the update is rated "moderate" by the vendor, and
      # CVE-2007-0555 / CVE-2007-0556 need an authenticated user with
      # permission to drop and add tables.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated postgresql packages that fix several security issues are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    PostgreSQL is an advanced Object-Relational database management system
    (DBMS).
    
    Two flaws were found in the way the PostgreSQL server handles certain
    SQL-language functions. An authenticated user could execute a sequence
    of commands which could crash the PostgreSQL server or possibly read
    from arbitrary memory locations. A user would need to have permissions
    to drop and add database tables to be able to exploit these issues
    (CVE-2007-0555, CVE-2007-0556).
    
    Several denial of service flaws were found in the PostgreSQL server.
    An authenticated user could execute certain SQL commands which could
    crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541,
    CVE-2006-5542).
    
    Users of PostgreSQL should upgrade to these updated packages
    containing PostgreSQL version 8.1.8 which corrects these issues."
      );
      # One see_also reference per CVE, followed by the erratum itself.
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-5542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-0556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0068"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): this base vector uses AC:L, while the advisory page that
      # carries this listing rates CVE-2007-0556 at high attack complexity
      # (CVSS 6.6). Presumably the plugin scores the worst case across the five
      # CVEs it covers - confirm before using the vector to prioritise
      # CVE-2007-0556 on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C");
      # Temporal metrics: E:U (exploitability unproven), RL:OF (official fix),
      # RC:C (report confirmed).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the result is derived from data gathered on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      # NOTE(review): the 2006 vulnerability date presumably belongs to the
      # older CVE-2006-554x entries bundled here, not to CVE-2007-0556 - confirm.
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The plugin depends on ssh_get_info.nasl and on the KB keys below;
      # without credentialed local checks on a Red Hat host there is no result
      # at all, which must not be read as "patched".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Preconditions: each audit() call is expected to end the run with the given
    # reason (audit() comes from audit.inc, not shown here).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # The release string must contain "Red Hat"; other hosts are out of scope.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Extract the numeric release (major, optionally ".minor") from the
    # release string; capture group 1 is kept as os_ver.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Accept "5" or "5.<minor>" only: the character after the 5 must be a
    # non-digit or the end of the string, so a two-digit major starting with 5
    # does not match. Other releases audit out, which means "out of scope for
    # this plugin", not "patched".
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: the run continues only when the cpu string contains
    # "x86_64" or "s390", or matches i386-i686; anything else ends with "local
    # checks not implemented" and produces no finding either way.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two detection paths. When yum updateinfo data was collected for the host,
    # the advisory ID lookup alone decides the result; the rpm version
    # comparison in the else branch runs only when that data is absent.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0068";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # NOTE(review): reported at SECURITY_HOLE severity although the
        # advisory text embedded in this plugin rates the update "moderate";
        # weigh both when prioritising.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # An empty report for the advisory ends the run with an
        # "OS not affected by Red Hat security advisory ..." style message;
        # the rpm comparison below is not attempted on this path.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fallback: compare each installed package with the reference build
      # 8.1.8-1.el5. rpm_check() is defined in rpm.inc (not shown) and
      # presumably reports a hit when the installed package is older than the
      # reference - confirm against that include.
      # postgresql-devel and postgresql-libs are checked without a cpu filter;
      # every other package is checked once per architecture (i386, s390x,
      # x86_64).
      # NOTE(review): -libs, -docs, -devel and -test are in the list, so a host
      # can be flagged without postgresql-server installed; check which
      # packages matched before rating exposure to the server-side flaws.
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-contrib-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-contrib-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-contrib-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"postgresql-devel-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-docs-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-docs-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-docs-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"postgresql-libs-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-pl-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-pl-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-pl-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-python-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-python-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-python-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-server-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-server-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-server-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-tcl-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-tcl-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-tcl-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"postgresql-test-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"postgresql-test-8.1.8-1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"postgresql-test-8.1.8-1.el5")) flag++;
    
      if (flag)
      {
        # The rpm detail is followed by the text returned by
        # redhat_report_package_caveat() (defined outside this listing).
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # No hit: distinguish "packages compared and not affected" from "none
        # of the listed packages installed" based on what pkg_tests_get()
        # returns. Both outcomes are audit messages, not findings.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / postgresql-contrib / postgresql-devel / etc");
      }
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-198.NASL
    description: - Sun Feb 4 2007 Tom Lane <tgl at redhat.com> 8.1.7-1 - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555, CVE-2007-0556 Related: #225496 - Wed Jan 10 2007 Tom Lane <tgl at redhat.com> 8.1.6-1 - Update to PostgreSQL 8.1.6 - Mon Dec 11 2006 Tom Lane <tgl at redhat.com> 8.1.5-1 - Update to PostgreSQL 8.1.5 - Update to PyGreSQL 3.8.1 - Adjust init script to not fool /etc/rc.d/rc Resolves: #161470 - Fix chcon arguments in test/regress/Makefile Resolves: #201035 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24302
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24302
    title: Fedora Core 5 : postgresql-8.1.7-1.fc5 (2007-198)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_11509.NASL
    description: This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users, either to cause a denial of service or possibly to access other tables/databases without authorization. (CVE-2007-0555 CVE-2007-0556)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41132
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41132
    title: SuSE9 Security Update : PostgreSQL (YOU Patch Number 11509)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-417-2.NASL
    description: USN-417-1 fixed several vulnerabilities in the PostgreSQL server. Unfortunately this update had a regression that caused some valid queries to be aborted with a type error. This update corrects that problem. We apologize for the inconvenience. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28008
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28008
    title: Ubuntu 6.06 LTS / 6.10 : postgresql-8.1 regression (USN-417-2)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-197.NASL
    description: - Sun Feb 4 2007 Tom Lane <tgl at redhat.com> 8.1.7-1 - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555, CVE-2007-0556 Related: #225496 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24301
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24301
    title: Fedora Core 6 : postgresql-8.1.7-1.fc6 (2007-197)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-037.NASL
    description: Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24650
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24650
    title: Mandrake Linux Security Advisory : postgresql (MDKSA-2007:037-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_POSTGRESQL-3244.NASL
    description: This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users, either to cause a denial of service or possibly to access other tables/databases without authorization. (CVE-2007-0555 / CVE-2007-0556)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29558
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29558
    title: SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 3244)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_POSTGRESQL-3243.NASL
    description: This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users, either to cause a denial of service or possibly to access other tables/databases without authorization. (CVE-2007-0555, CVE-2007-0556)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27401
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27401
    title: openSUSE 10 Security Update : postgresql (postgresql-3243)

Oval

accepted: 2013-04-29T04:13:28.441-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
family: unix
id: oval:org.mitre.oval:def:11353
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
version: 18

Redhat

advisories
  • bugzilla
    id: 227688
    title: Attribute type error when updating varchar column
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 5 is installed
        oval: oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment: postgresql-python is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068001
          • comment: postgresql-python is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068002
        • AND
          • comment: postgresql-pl is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068003
          • comment: postgresql-pl is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068004
        • AND
          • comment: postgresql-contrib is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068005
          • comment: postgresql-contrib is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068006
        • AND
          • comment: postgresql-test is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068007
          • comment: postgresql-test is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068008
        • AND
          • comment: postgresql-docs is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068009
          • comment: postgresql-docs is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068010
        • AND
          • comment: postgresql is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068011
          • comment: postgresql is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068012
        • AND
          • comment: postgresql-tcl is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068013
          • comment: postgresql-tcl is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068014
        • AND
          • comment: postgresql-libs is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068015
          • comment: postgresql-libs is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068016
        • AND
          • comment: postgresql-server is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068017
          • comment: postgresql-server is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068018
        • AND
          • comment: postgresql-devel is earlier than 0:8.1.8-1.el5
            oval: oval:com.redhat.rhsa:tst:20070068019
          • comment: postgresql-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhsa:tst:20070068020
    rhsa
    id: RHSA-2007:0068
    released: 2007-03-14
    severity: Moderate
    title: RHSA-2007:0068: postgresql security update (Moderate)
  • rhsa
    id: RHSA-2007:0067
rpms
  • postgresql-0:8.1.7-3.el4s1.1
  • postgresql-contrib-0:8.1.7-3.el4s1.1
  • postgresql-debuginfo-0:8.1.7-3.el4s1.1
  • postgresql-devel-0:8.1.7-3.el4s1.1
  • postgresql-docs-0:8.1.7-3.el4s1.1
  • postgresql-libs-0:8.1.7-3.el4s1.1
  • postgresql-pl-0:8.1.7-3.el4s1.1
  • postgresql-python-0:8.1.7-3.el4s1.1
  • postgresql-server-0:8.1.7-3.el4s1.1
  • postgresql-tcl-0:8.1.7-3.el4s1.1
  • postgresql-test-0:8.1.7-3.el4s1.1
  • postgresql-0:8.1.8-1.el5
  • postgresql-contrib-0:8.1.8-1.el5
  • postgresql-debuginfo-0:8.1.8-1.el5
  • postgresql-devel-0:8.1.8-1.el5
  • postgresql-docs-0:8.1.8-1.el5
  • postgresql-libs-0:8.1.8-1.el5
  • postgresql-pl-0:8.1.8-1.el5
  • postgresql-python-0:8.1.8-1.el5
  • postgresql-server-0:8.1.8-1.el5
  • postgresql-tcl-0:8.1.8-1.el5
  • postgresql-test-0:8.1.8-1.el5

References