Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Published: 2009-03-17
Updated: 2018-10-10
Summary
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. Per: https://bugzilla.redhat.com/show_bug.cgi?id=488156 "PostgreSQL allows remote authenticated users to cause a momentary denial of service (crash due to stack consumption) when there is a failure to convert a localized error message to the client-specified encoding. In releases 8.3.6, 8.2.12, 8.1.16. 8.0.20, and 7.4.24, a trivial misconfiguration is sufficient to provoke a crash. In older releases it is necessary to select a locale and client encoding for which specific messages fail to translate, and so a given installation may or may not be vulnerable depending on the administrator-determined locale setting. Releases 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 are secure against all known variants of this issue."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | PostgreSQL 8.3.6 Conversion Encoding Remote Denial of Service Vulnerability. CVE-2009-0922. Dos exploit for linux platform |
id | EDB-ID:32849 |
last seen | 2016-02-03 |
modified | 2009-03-11 |
published | 2009-03-11 |
reporter | Afonin Denis |
source | https://www.exploit-db.com/download/32849/ |
title | PostgreSQL <= 8.3.6 - Conversion Encoding Remote Denial of Service Vulnerability |
Nessus
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_123591.NASL |
description | SunOS 5.10_x86: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 This plugin has been deprecated and either replaced with individual 123591 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 24849 |
published | 2007-03-18 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=24849 |
title | Solaris 10 (x86) : 123591-12 (deprecated) |
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201110-22.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201110-22 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56626 |
published | 2011-10-25 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56626 |
title | GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_138826.NASL |
description | SunOS 5.10: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138826 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 39555 |
published | 2009-06-28 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=39555 |
title | Solaris 10 (sparc) : 138826-12 (deprecated) |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_123590-12.NASL |
description | SunOS 5.10: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107391 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107391 |
title | Solaris 10 (sparc) : 123590-12 |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_138827.NASL |
description | SunOS 5.10_x86: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138827 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 39558 |
published | 2009-06-28 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=39558 |
title | Solaris 10 (x86) : 138827-12 (deprecated) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_POSTGRESQL-090324.NASL |
description | Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding. (CVE-2009-0922) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41450 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41450 |
title | SuSE 11 Security Update : PostgreSQL (SAT Patch Number 674) |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_136998.NASL |
description | SunOS 5.10: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 136998 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 30169 |
published | 2008-02-05 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=30169 |
title | Solaris 10 (sparc) : 136998-10 (deprecated) |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_123591-12.NASL |
description | SunOS 5.10_x86: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107893 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107893 |
title | Solaris 10 (x86) : 123591-12 |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_138826-12.NASL |
description | SunOS 5.10: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107507 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107507 |
title | Solaris 10 (sparc) : 138826-12 |
NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12383.NASL |
description | Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding. (CVE-2009-0922) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41288 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41288 |
title | SuSE9 Security Update : PostgreSQL (YOU Patch Number 12383) |
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-753-1.NASL |
description | It was discovered that PostgreSQL did not properly handle encoding conversion failures. An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37152 |
published | 2009-04-23 |
reporter | Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/37152 |
title | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : postgresql-8.1, postgresql-8.3 vulnerability (USN-753-1) |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_136999.NASL |
description | SunOS 5.10_x86: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 136999 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 30175 |
published | 2008-02-05 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=30175 |
title | Solaris 10 (x86) : 136999-10 (deprecated) |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_136999-10.NASL |
description | SunOS 5.10_x86: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107978 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107978 |
title | Solaris 10 (x86) : 136999-10 |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_POSTGRESQL-090324.NASL |
description | Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding (CVE-2009-0922). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40299 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40299 |
title | openSUSE Security Update : postgresql (postgresql-675) |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_138827-12.NASL |
description | SunOS 5.10_x86: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 108005 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/108005 |
title | Solaris 10 (x86) : 138827-12 |
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-2959.NASL |
description | Update to PostgreSQL 8.3.7, for various fixes described at http://www.postgresql.org/docs/8.3/static/release-8-3-7.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36811 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36811 |
title | Fedora 10 : postgresql-8.3.7-1.fc10 (2009-2959) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_POSTGRESQL-6115.NASL |
description | Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding (CVE-2009-0922). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36169 |
published | 2009-04-16 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/36169 |
title | openSUSE 10 Security Update : postgresql (postgresql-6115) |
NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20091007_POSTGRESQL_ON_SL3_X.NASL |
description | CVE-2009-0922 postgresql: potential DoS due to conversion functions CVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600 It was discovered that the upstream patch for CVE-2007-6600 included in the Scientific Linux did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922) Note: For Scientific Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Scientific Linux 5, this update upgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html http://www.postgresql.org/docs/8.1/static/release.html If the postgresql service is running, it will be automatically restarted after installing this update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60675 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60675 |
title | Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64 |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_POSTGRESQL-090324.NASL |
description | Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding (CVE-2009-0922). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40113 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40113 |
title | openSUSE Security Update : postgresql (postgresql-675) |
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2009-1484.NASL |
description | From Red Hat Security Advisory 2009:1484 : Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922) Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users should upgrade to these updated packages, which resolve these issues. If the postgresql service is running, it will be automatically restarted after installing this update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67936 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67936 |
title | Oracle Linux 4 / 5 : postgresql (ELSA-2009-1484) |
NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-079.NASL |
description | PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests (CVE-2009-0922). This update provides a fix for this vulnerability. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37346 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/37346 |
title | Mandriva Linux Security Advisory : postgresql (MDVSA-2009:079) |
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2009-1484.NASL |
description | Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922) Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users should upgrade to these updated packages, which resolve these issues. If the postgresql service is running, it will be automatically restarted after installing this update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 43800 |
published | 2010-01-06 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/43800 |
title | CentOS 4 / 5 : postgresql (CESA-2009:1484) |
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2009-1484.NASL |
description | Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922) Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users should upgrade to these updated packages, which resolve these issues. If the postgresql service is running, it will be automatically restarted after installing this update. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 42064 |
published | 2009-10-08 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/42064 |
title | RHEL 4 / 5 : postgresql (RHSA-2009:1484) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_POSTGRESQL-6114.NASL |
description | Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding. (CVE-2009-0922) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41579 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41579 |
title | SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6114) |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_123590.NASL |
description | SunOS 5.10: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 This plugin has been deprecated and either replaced with individual 123590 patch-revision plugins, or deemed non-security related. |
last seen | 2019-02-21 |
modified | 2018-07-30 |
plugin id | 24845 |
published | 2007-03-18 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=24845 |
title | Solaris 10 (sparc) : 123590-12 (deprecated) |
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-2927.NASL |
description | Update to PostgreSQL 8.3.7, for various fixes described at http://www.postgresql.org/docs/8.3/static/release-8-3-7.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35995 |
published | 2009-03-24 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35995 |
title | Fedora 9 : postgresql-8.3.7-1.fc9 (2009-2927) |
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_136998-10.NASL |
description | SunOS 5.10: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107480 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107480 |
title | Solaris 10 (sparc) : 136998-10 |
Oval
accepted | 2013-04-29T04:09:32.967-04:00 |
class | vulnerability |
contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
|
definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
|
description | PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. |
family | unix |
id | oval:org.mitre.oval:def:10874 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. |
version | 27 |
accepted | 2009-09-07T04:00:13.826-04:00 |
class | vulnerability |
contributors | name | Pai Peng | organization | Hewlett-Packard |
|
definition_extensions | comment | Solaris 10 (SPARC) is installed | oval | oval:org.mitre.oval:def:1440 |
comment | Solaris 10 (SPARC) is installed | oval | oval:org.mitre.oval:def:1440 |
comment | Solaris 10 (SPARC) is installed | oval | oval:org.mitre.oval:def:1440 |
comment | Solaris 10 (x86) is installed | oval | oval:org.mitre.oval:def:1926 |
comment | Solaris 10 (x86) is installed | oval | oval:org.mitre.oval:def:1926 |
comment | Solaris 10 (x86) is installed | oval | oval:org.mitre.oval:def:1926 |
|
description | PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. |
family | unix |
id | oval:org.mitre.oval:def:6252 |
status | accepted |
submitted | 2009-07-28T11:46:34.000-04:00 |
title | Security Vulnerability in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS) |
version | 35 |
Redhat
advisories | |
rpms | - httpd-0:2.2.11-2.el5s2
- httpd-debuginfo-0:2.2.11-2.el5s2
- httpd-devel-0:2.2.11-2.el5s2
- httpd-manual-0:2.2.11-2.el5s2
- mod_jk-ap20-0:1.2.28-2.el5s2
- mod_jk-debuginfo-0:1.2.28-2.el5s2
- mod_ssl-1:2.2.11-2.el5s2
- mysql-0:5.0.79-2.el5s2
- mysql-bench-0:5.0.79-2.el5s2
- mysql-cluster-0:5.0.79-2.el5s2
- mysql-connector-odbc-0:3.51.27r695-1.el5s2
- mysql-connector-odbc-debuginfo-0:3.51.27r695-1.el5s2
- mysql-debuginfo-0:5.0.79-2.el5s2
- mysql-devel-0:5.0.79-2.el5s2
- mysql-libs-0:5.0.79-2.el5s2
- mysql-server-0:5.0.79-2.el5s2
- mysql-test-0:5.0.79-2.el5s2
- perl-DBD-MySQL-0:4.010-1.el5s2
- perl-DBD-MySQL-debuginfo-0:4.010-1.el5s2
- perl-DBD-Pg-0:1.49-5.el5s2
- perl-DBD-Pg-debuginfo-0:1.49-5.el5s2
- php-0:5.2.9-2.el5s2
- php-bcmath-0:5.2.9-2.el5s2
- php-cli-0:5.2.9-2.el5s2
- php-common-0:5.2.9-2.el5s2
- php-dba-0:5.2.9-2.el5s2
- php-debuginfo-0:5.2.9-2.el5s2
- php-devel-0:5.2.9-2.el5s2
- php-gd-0:5.2.9-2.el5s2
- php-imap-0:5.2.9-2.el5s2
- php-ldap-0:5.2.9-2.el5s2
- php-mbstring-0:5.2.9-2.el5s2
- php-mysql-0:5.2.9-2.el5s2
- php-ncurses-0:5.2.9-2.el5s2
- php-odbc-0:5.2.9-2.el5s2
- php-pdo-0:5.2.9-2.el5s2
- php-pgsql-0:5.2.9-2.el5s2
- php-snmp-0:5.2.9-2.el5s2
- php-soap-0:5.2.9-2.el5s2
- php-xml-0:5.2.9-2.el5s2
- php-xmlrpc-0:5.2.9-2.el5s2
- postgresql-0:8.2.13-2.el5s2
- postgresql-contrib-0:8.2.13-2.el5s2
- postgresql-debuginfo-0:8.2.13-2.el5s2
- postgresql-devel-0:8.2.13-2.el5s2
- postgresql-docs-0:8.2.13-2.el5s2
- postgresql-jdbc-0:8.2.509-2jpp.el5s2
- postgresql-jdbc-debuginfo-0:8.2.509-2jpp.el5s2
- postgresql-libs-0:8.2.13-2.el5s2
- postgresql-plperl-0:8.2.13-2.el5s2
- postgresql-plpython-0:8.2.13-2.el5s2
- postgresql-pltcl-0:8.2.13-2.el5s2
- postgresql-python-0:8.2.13-2.el5s2
- postgresql-server-0:8.2.13-2.el5s2
- postgresql-tcl-0:8.2.13-2.el5s2
- postgresql-test-0:8.2.13-2.el5s2
- postgresqlclient81-0:8.1.17-1.el5s2
- postgresqlclient81-debuginfo-0:8.1.17-1.el5s2
- postgresql-0:7.4.26-1.el4_8.1
- postgresql-0:8.1.18-2.el5_4.1
- postgresql-contrib-0:7.4.26-1.el4_8.1
- postgresql-contrib-0:8.1.18-2.el5_4.1
- postgresql-debuginfo-0:7.4.26-1.el4_8.1
- postgresql-debuginfo-0:8.1.18-2.el5_4.1
- postgresql-devel-0:7.4.26-1.el4_8.1
- postgresql-devel-0:8.1.18-2.el5_4.1
- postgresql-docs-0:7.4.26-1.el4_8.1
- postgresql-docs-0:8.1.18-2.el5_4.1
- postgresql-jdbc-0:7.4.26-1.el4_8.1
- postgresql-libs-0:7.4.26-1.el4_8.1
- postgresql-libs-0:8.1.18-2.el5_4.1
- postgresql-pl-0:7.4.26-1.el4_8.1
- postgresql-pl-0:8.1.18-2.el5_4.1
- postgresql-python-0:7.4.26-1.el4_8.1
- postgresql-python-0:8.1.18-2.el5_4.1
- postgresql-server-0:7.4.26-1.el4_8.1
- postgresql-server-0:8.1.18-2.el5_4.1
- postgresql-tcl-0:7.4.26-1.el4_8.1
- postgresql-tcl-0:8.1.18-2.el5_4.1
- postgresql-test-0:7.4.26-1.el4_8.1
- postgresql-test-0:8.1.18-2.el5_4.1
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 34090 CVE(CAN) ID: CVE-2009-0922 PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL处理转换编码时存在栈溢出漏洞,通过认证的用户可以通过提交特制的SQL查询请求在一段时间期间杀死到PostgreSQL服务器的连接,中断其他用户和客户端的事务处理。 PostgreSQL 8.3.6 厂商补丁: PostgreSQL ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.postgresql.org target=_blank rel=external nofollow>http://www.postgresql.org</a> |
id | SSV:4928 |
last seen | 2017-11-19 |
modified | 2009-03-19 |
published | 2009-03-19 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-4928 |
title | PostgreSQL转换编码远程拒绝服务漏洞 |
Statements
contributor | Tomas Hoger |
lastmodified | 2009-10-08 |
organization | Red Hat |
statement | This issue has been addressed in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-1484.html and in Red Hat Application Stack v2 via: https://rhn.redhat.com/errata/RHSA-2009-1067.html |