Computer Security


PostgreSQL database server multiple security vulnerabilities
Published: 08.01.2008
Source:
SecurityVulns ID: 8539
Type: local
Threat Level: 5/10
Description: Privilege escalation with indexing functions, privilege escalation with DBLink, DoS with regular expressions.
Affected: POSTGRESQL : PostgreSQL 7.3
 POSTGRES : PostgreSQL 7.4
 POSTGRES : PostgreSQL 8.0
 POSTGRES : PostgreSQL 8.1
 POSTGRES : PostgreSQL 8.2
CVE: CVE-2007-6601
 CVE-2007-6600
 CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.)
 CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.)
 CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.)
Original document: POSTGRESQL, PostgreSQL 2007-01-07 Cumulative Security Release (08.01.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod