Vulnerabilities > CVE-2007-6067 - Numeric Errors vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
postgresql
tcl-tk
CWE-189
nessus

Summary

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

Vulnerable Configurations

Part Description Count
Application
Postgresql
56
Application
Tcl_Tk
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_51436B4C125011DDBAB70016179B2DD5.NASL
    descriptionThe PostgreSQL developers report : PostgreSQL allows users to create indexes on the results of user-defined functions, known as
    last seen2020-06-01
    modified2020-06-02
    plugin id32063
    published2008-04-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32063
    titleFreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32063);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:39");
    
      script_cve_id("CVE-2007-4769", "CVE-2007-4772", "CVE-2007-6067", "CVE-2007-6600", "CVE-2007-6601");
      script_bugtraq_id(27163);
    
      script_name(english:"FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The PostgreSQL developers report :
    
    PostgreSQL allows users to create indexes on the results of
    user-defined functions, known as 'expression indexes'. This provided
    two vulnerabilities to privilege escalation: (1) index functions were
    executed as the superuser and not the table owner during VACUUM and
    ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were
    permitted within index functions. Both of these holes have now been
    closed.
    
    PostgreSQL allowed malicious users to initiate a denial-of-service by
    passing certain regular expressions in SQL queries. First, users could
    create infinite loops using some specific regular expressions. Second,
    certain complex regular expressions could consume excessive amounts of
    memory. Third, out-of-range backref numbers could be used to crash the
    backend.
    
    DBLink functions combined with local trust or ident authentication
    could be used by a malicious user to gain superuser privileges. This
    issue has been fixed, and does not affect users who have not installed
    DBLink (an optional module), or who are using password authentication
    for local access. This same problem was addressed in the previous
    release cycle, but that patch failed to close all forms of the
    loophole."
      );
      # http://www.postgresql.org/about/news.905
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.postgresql.org/about/news.905/"
      );
      # https://vuxml.freebsd.org/freebsd/51436b4c-1250-11dd-bab7-0016179b2dd5.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9116ac15"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189, 264, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:postgresql-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"postgresql>=7.3<7.3.21")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql>=7.4<7.4.19")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql>=8.0<8.0.15")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql>=8.1<8.1.11")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql>=8.2<8.2.6")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=7.3<7.3.21")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=7.4<7.4.19")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=8.0<8.0.15")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=8.1<8.1.11")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"postgresql-server>=8.2<8.2.6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-004.NASL
    descriptionIndex Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole. Updated packages fix these issues by upgrading to the latest maintenance versions of PostgreSQL.
    last seen2020-06-01
    modified2020-06-02
    plugin id38083
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38083
    titleMandriva Linux Security Advisory : postgresql (MDVSA-2008:004)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1460.NASL
    descriptionSeveral local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.
    last seen2020-06-01
    modified2020-06-02
    plugin id29937
    published2008-01-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29937
    titleDebian DSA-1460-1 : postgresql-8.1 - several vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1463.NASL
    descriptionSeveral local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.
    last seen2020-06-01
    modified2020-06-02
    plugin id29968
    published2008-01-15
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29968
    titleDebian DSA-1463-1 : postgresql-7.4 - several vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-568-1.NASL
    descriptionNico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601) It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29978
    published2008-01-15
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29978
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130108_TCL_ON_SL5_X.NASL
    descriptionTwo denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug : - Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command.
    last seen2020-03-18
    modified2013-01-17
    plugin id63605
    published2013-01-17
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63605
    titleScientific Linux Security Update : tcl on SL5.x i386/x86_64 (20130108)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0122.NASL
    descriptionUpdated tcl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug : * Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961) All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63567
    published2013-01-17
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63567
    titleCentOS 5 : tcl (CESA-2013:0122)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0122.NASL
    descriptionFrom Red Hat Security Advisory 2013:0122 : Updated tcl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug : * Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961) All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68693
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68693
    titleOracle Linux 5 : tcl (ELSA-2013-0122)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-0478.NASL
    description - Mon Jan 7 2008 Tom Lane <tgl at redhat.com> 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don
    last seen2020-06-01
    modified2020-06-02
    plugin id29944
    published2008-01-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29944
    titleFedora 8 : postgresql-8.2.6-1.fc8 (2008-0478)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0038.NASL
    descriptionUpdated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL
    last seen2020-06-01
    modified2020-06-02
    plugin id29933
    published2008-01-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29933
    titleCentOS 4 / 5 : postgresql (CESA-2008:0038)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_POSTGRESQL-4962.NASL
    descriptionThis version update to 7.4.19 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772 / CVE-2007-6067 / CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen2020-06-01
    modified2020-06-02
    plugin id30199
    published2008-02-06
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30199
    titleSuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 4962)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12065.NASL
    descriptionThis version update to 8.1.11 fixes among other things, several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen2020-06-01
    modified2020-06-02
    plugin id41193
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41193
    titleSuSE9 Security Update : postgresql (YOU Patch Number 12065)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0038.NASL
    descriptionFrom Red Hat Security Advisory 2008:0038 : Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL
    last seen2020-06-01
    modified2020-06-02
    plugin id67638
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67638
    titleOracle Linux 4 / 5 : postgresql (ELSA-2008-0038)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_POSTGRESQL-4955.NASL
    descriptionThis version update to 8.2.6 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen2020-06-01
    modified2020-06-02
    plugin id30251
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30251
    titleopenSUSE 10 Security Update : postgresql (postgresql-4955)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0122.NASL
    descriptionUpdated tcl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067) This update also fixes the following bug : * Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961) All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63405
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63405
    titleRHEL 5 : tcl (RHSA-2013:0122)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_POSTGRESQL-4958.NASL
    descriptionThis version update to 8.1.11 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601
    last seen2020-06-01
    modified2020-06-02
    plugin id30198
    published2008-02-06
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30198
    titleopenSUSE 10 Security Update : postgresql (postgresql-4958)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0038.NASL
    descriptionUpdated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server. Will Drewry discovered multiple flaws in PostgreSQL
    last seen2020-06-01
    modified2020-06-02
    plugin id29955
    published2008-01-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29955
    titleRHEL 4 / 5 : postgresql (RHSA-2008:0038)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200801-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200801-15 (PostgreSQL: Multiple vulnerabilities) If using the
    last seen2020-06-01
    modified2020-06-02
    plugin id30120
    published2008-01-29
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30120
    titleGLSA-200801-15 : PostgreSQL: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-0552.NASL
    description - Mon Jan 7 2008 Tom Lane <tgl at redhat.com> 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don
    last seen2020-06-01
    modified2020-06-02
    plugin id29948
    published2008-01-14
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29948
    titleFedora 7 : postgresql-8.2.6-1.fc7 (2008-0552)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080111_POSTGRESQL_ON_SL3_X.NASL
    descriptionWill Drewry discovered multiple flaws in PostgreSQL
    last seen2020-06-01
    modified2020-06-02
    plugin id60343
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60343
    titleScientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64

Oval

accepted2013-04-29T04:03:50.564-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionAlgorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
familyunix
idoval:org.mitre.oval:def:10235
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleAlgorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
version27

Redhat

advisories
  • bugzilla
    id478961
    title[RHEL5] tcl threads support implementation can cause scripts to hang
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenttcl-html is earlier than 0:8.4.13-6.el5
            ovaloval:com.redhat.rhsa:tst:20130122001
          • commenttcl-html is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20130122002
        • AND
          • commenttcl is earlier than 0:8.4.13-6.el5
            ovaloval:com.redhat.rhsa:tst:20130122003
          • commenttcl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20130122004
        • AND
          • commenttcl-devel is earlier than 0:8.4.13-6.el5
            ovaloval:com.redhat.rhsa:tst:20130122005
          • commenttcl-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20130122006
    rhsa
    idRHSA-2013:0122
    released2013-01-08
    severityModerate
    titleRHSA-2013:0122: tcl security and bug fix update (Moderate)
  • rhsa
    idRHSA-2008:0038
  • rhsa
    idRHSA-2008:0040
rpms
  • postgresql-0:7.4.19-1.el4_6.1
  • postgresql-0:8.1.11-1.el5_1.1
  • postgresql-contrib-0:7.4.19-1.el4_6.1
  • postgresql-contrib-0:8.1.11-1.el5_1.1
  • postgresql-debuginfo-0:7.4.19-1.el4_6.1
  • postgresql-debuginfo-0:8.1.11-1.el5_1.1
  • postgresql-devel-0:7.4.19-1.el4_6.1
  • postgresql-devel-0:8.1.11-1.el5_1.1
  • postgresql-docs-0:7.4.19-1.el4_6.1
  • postgresql-docs-0:8.1.11-1.el5_1.1
  • postgresql-jdbc-0:7.4.19-1.el4_6.1
  • postgresql-libs-0:7.4.19-1.el4_6.1
  • postgresql-libs-0:8.1.11-1.el5_1.1
  • postgresql-pl-0:7.4.19-1.el4_6.1
  • postgresql-pl-0:8.1.11-1.el5_1.1
  • postgresql-python-0:7.4.19-1.el4_6.1
  • postgresql-python-0:8.1.11-1.el5_1.1
  • postgresql-server-0:7.4.19-1.el4_6.1
  • postgresql-server-0:8.1.11-1.el5_1.1
  • postgresql-tcl-0:7.4.19-1.el4_6.1
  • postgresql-tcl-0:8.1.11-1.el5_1.1
  • postgresql-test-0:7.4.19-1.el4_6.1
  • postgresql-test-0:8.1.11-1.el5_1.1
  • postgresql-0:8.1.11-1.el4s1.1
  • postgresql-0:8.2.6-1.el5s2
  • postgresql-contrib-0:8.1.11-1.el4s1.1
  • postgresql-contrib-0:8.2.6-1.el5s2
  • postgresql-debuginfo-0:8.1.11-1.el4s1.1
  • postgresql-debuginfo-0:8.2.6-1.el5s2
  • postgresql-devel-0:8.1.11-1.el4s1.1
  • postgresql-devel-0:8.2.6-1.el5s2
  • postgresql-docs-0:8.1.11-1.el4s1.1
  • postgresql-docs-0:8.2.6-1.el5s2
  • postgresql-libs-0:8.1.11-1.el4s1.1
  • postgresql-libs-0:8.2.6-1.el5s2
  • postgresql-pl-0:8.1.11-1.el4s1.1
  • postgresql-plperl-0:8.2.6-1.el5s2
  • postgresql-plpython-0:8.2.6-1.el5s2
  • postgresql-pltcl-0:8.2.6-1.el5s2
  • postgresql-python-0:8.1.11-1.el4s1.1
  • postgresql-python-0:8.2.6-1.el5s2
  • postgresql-server-0:8.1.11-1.el4s1.1
  • postgresql-server-0:8.2.6-1.el5s2
  • postgresql-tcl-0:8.1.11-1.el4s1.1
  • postgresql-tcl-0:8.2.6-1.el5s2
  • postgresql-test-0:8.1.11-1.el4s1.1
  • postgresql-test-0:8.2.6-1.el5s2
  • tcl-0:8.4.13-6.el5
  • tcl-debuginfo-0:8.4.13-6.el5
  • tcl-devel-0:8.4.13-6.el5
  • tcl-html-0:8.4.13-6.el5

References