CVE-2006-5540

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://projects.commandprompt.com/public/pgsql/changeset/25504
http://secunia.com/advisories/22562	Patch Vendor Advisory
http://secunia.com/advisories/22584	Patch Vendor Advisory
http://secunia.com/advisories/22606
http://secunia.com/advisories/22636
http://secunia.com/advisories/23048
http://secunia.com/advisories/23132
http://secunia.com/advisories/24094
http://secunia.com/advisories/24284
http://secunia.com/advisories/24577
http://securitytracker.com/id?1017115
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:194
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://www.postgresql.org/about/news.664
http://www.redhat.com/support/errata/RHSA-2007-0064.html
http://www.redhat.com/support/errata/RHSA-2007-0067.html
http://www.redhat.com/support/errata/RHSA-2007-0068.html
http://www.securityfocus.com/bid/20717	Patch
http://www.trustix.org/errata/2006/0059/
http://www.ubuntu.com/usn/usn-369-1
http://www.ubuntu.com/usn/usn-369-2
http://www.vupen.com/english/advisories/2006/4182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11425
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://projects.commandprompt.com/public/pgsql/changeset/25504
http://secunia.com/advisories/22562	Patch Vendor Advisory
http://secunia.com/advisories/22584	Patch Vendor Advisory
http://secunia.com/advisories/22606
http://secunia.com/advisories/22636
http://secunia.com/advisories/23048
http://secunia.com/advisories/23132
http://secunia.com/advisories/24094
http://secunia.com/advisories/24284
http://secunia.com/advisories/24577
http://securitytracker.com/id?1017115
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:194
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://www.postgresql.org/about/news.664
http://www.redhat.com/support/errata/RHSA-2007-0064.html
http://www.redhat.com/support/errata/RHSA-2007-0067.html
http://www.redhat.com/support/errata/RHSA-2007-0068.html
http://www.securityfocus.com/bid/20717	Patch
http://www.trustix.org/errata/2006/0059/
http://www.ubuntu.com/usn/usn-369-1
http://www.ubuntu.com/usn/usn-369-2
http://www.vupen.com/english/advisories/2006/4182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11425

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql:6.3.2:::::::*
	cpe:2.3:a:postgresql:postgresql:6.5.3:::::::*
	cpe:2.3:a:postgresql:postgresql:7.0.2:::::::*
	cpe:2.3:a:postgresql:postgresql:7.0.3:::::::*
	cpe:2.3:a:postgresql:postgresql:7.1:::::::*
	cpe:2.3:a:postgresql:postgresql:7.1.1:::::::*
	cpe:2.3:a:postgresql:postgresql:7.1.2:::::::*
	cpe:2.3:a:postgresql:postgresql:7.1.3:::::::*
	cpe:2.3:a:postgresql:postgresql:7.2:::::::*
	cpe:2.3:a:postgresql:postgresql:7.2.1:::::::*
	cpe:2.3:a:postgresql:postgresql:7.2.2:::::::*
	cpe:2.3:a:postgresql:postgresql:7.2.3:::::::*
	cpe:2.3:a:postgresql:postgresql:7.2.4:::::::*
	cpe:2.3:a:postgresql:postgresql:7.2.7:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.1:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.2:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.3:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.4:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.6:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.8:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.9:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.10:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.11:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.12:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.13:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.14:::::::*
	cpe:2.3:a:postgresql:postgresql:7.3.15:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.1:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.2:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.3:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.4:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.5:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.6:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.7:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.8:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.9:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.10:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.11:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.12:::::::*
	cpe:2.3:a:postgresql:postgresql:7.4.13:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.1:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.2:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.3:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.4:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.5:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.6:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.7:::::::*
	cpe:2.3:a:postgresql:postgresql:8.0.8:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.1:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.2:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.3:::::::*
	cpe:2.3:a:postgresql:postgresql:8.1.4:::::::*

History

21 Nov 2024, 00:19

Information

Published : 2006-10-26 17:07

Updated : 2024-11-21 00:19

NVD link : CVE-2006-5540

Mitre link : CVE-2006-5540

CVE.ORG link : CVE-2006-5540

JSON object : View

Products Affected

postgresql

postgresql

CWE

NVD-CWE-Other

4.0 /10