CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
References
Link Resource
http://fedoranews.org/cms/node/2554
http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
http://osvdb.org/33302
http://secunia.com/advisories/24028
http://secunia.com/advisories/24033 Vendor Advisory
http://secunia.com/advisories/24042
http://secunia.com/advisories/24050
http://secunia.com/advisories/24057
http://secunia.com/advisories/24151
http://secunia.com/advisories/24315
http://secunia.com/advisories/24513
http://secunia.com/advisories/24577
http://secunia.com/advisories/25220
http://security.gentoo.org/glsa/glsa-200703-15.xml
http://securitytracker.com/id?1017597
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:037
http://www.novell.com/linux/security/advisories/2007_10_sr.html
http://www.postgresql.org/support/security
http://www.redhat.com/support/errata/RHSA-2007-0067.html
http://www.redhat.com/support/errata/RHSA-2007-0068.html
http://www.securityfocus.com/archive/1/459280/100/0/threaded
http://www.securityfocus.com/archive/1/459448/100/0/threaded
http://www.securityfocus.com/bid/22387
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-417-2
http://www.vupen.com/english/advisories/2007/0478
http://www.vupen.com/english/advisories/2007/0774
https://exchange.xforce.ibmcloud.com/vulnerabilities/32191
https://issues.rpath.com/browse/RPL-1025
https://issues.rpath.com/browse/RPL-830
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353
https://usn.ubuntu.com/417-1/
Configurations

Configuration 1

OR cpe:2.3:a:postgresql:postgresql:1.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.01:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.02:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.09:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:26

Type Values Removed Values Added
References () http://fedoranews.org/cms/node/2554 - () http://fedoranews.org/cms/node/2554 -
References () http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html - () http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html -
References () http://osvdb.org/33302 - () http://osvdb.org/33302 -
References () http://secunia.com/advisories/24028 - () http://secunia.com/advisories/24028 -
References () http://secunia.com/advisories/24033 - Vendor Advisory () http://secunia.com/advisories/24033 - Vendor Advisory
References () http://secunia.com/advisories/24042 - () http://secunia.com/advisories/24042 -
References () http://secunia.com/advisories/24050 - () http://secunia.com/advisories/24050 -
References () http://secunia.com/advisories/24057 - () http://secunia.com/advisories/24057 -
References () http://secunia.com/advisories/24151 - () http://secunia.com/advisories/24151 -
References () http://secunia.com/advisories/24315 - () http://secunia.com/advisories/24315 -
References () http://secunia.com/advisories/24513 - () http://secunia.com/advisories/24513 -
References () http://secunia.com/advisories/24577 - () http://secunia.com/advisories/24577 -
References () http://secunia.com/advisories/25220 - () http://secunia.com/advisories/25220 -
References () http://security.gentoo.org/glsa/glsa-200703-15.xml - () http://security.gentoo.org/glsa/glsa-200703-15.xml -
References () http://securitytracker.com/id?1017597 - () http://securitytracker.com/id?1017597 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1 -
References () http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm - () http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:037 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:037 -
References () http://www.novell.com/linux/security/advisories/2007_10_sr.html - () http://www.novell.com/linux/security/advisories/2007_10_sr.html -
References () http://www.postgresql.org/support/security - () http://www.postgresql.org/support/security -
References () http://www.redhat.com/support/errata/RHSA-2007-0067.html - () http://www.redhat.com/support/errata/RHSA-2007-0067.html -
References () http://www.redhat.com/support/errata/RHSA-2007-0068.html - () http://www.redhat.com/support/errata/RHSA-2007-0068.html -
References () http://www.securityfocus.com/archive/1/459280/100/0/threaded - () http://www.securityfocus.com/archive/1/459280/100/0/threaded -
References () http://www.securityfocus.com/archive/1/459448/100/0/threaded - () http://www.securityfocus.com/archive/1/459448/100/0/threaded -
References () http://www.securityfocus.com/bid/22387 - () http://www.securityfocus.com/bid/22387 -
References () http://www.trustix.org/errata/2007/0007 - () http://www.trustix.org/errata/2007/0007 -
References () http://www.ubuntu.com/usn/usn-417-2 - () http://www.ubuntu.com/usn/usn-417-2 -
References () http://www.vupen.com/english/advisories/2007/0478 - () http://www.vupen.com/english/advisories/2007/0478 -
References () http://www.vupen.com/english/advisories/2007/0774 - () http://www.vupen.com/english/advisories/2007/0774 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/32191 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/32191 -
References () https://issues.rpath.com/browse/RPL-1025 - () https://issues.rpath.com/browse/RPL-1025 -
References () https://issues.rpath.com/browse/RPL-830 - () https://issues.rpath.com/browse/RPL-830 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353 -
References () https://usn.ubuntu.com/417-1/ - () https://usn.ubuntu.com/417-1/ -

Information

Published : 2007-02-06 01:28

Updated : 2024-11-21 00:26


NVD link : CVE-2007-0556

Mitre link : CVE-2007-0556

CVE.ORG link : CVE-2007-0556


Products Affected

postgresql

  • postgresql