EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
References
Link | Resource |
---|---|
http://secunia.com/advisories/26640 | Broken Link |
http://www.securityfocus.com/archive/1/478057/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/25481 | Broken Link Exploit Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2007/3040 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36328 | Broken Link Third Party Advisory VDB Entry |
Configurations
History
09 Feb 2024, 03:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-824 | |
CPE | cpe:2.3:a:enterprisedb:postgres_advanced_server:8.2:*:*:*:*:*:*:* | |
First Time |
Enterprisedb postgres Advanced Server
|
|
References | (VUPEN) http://www.vupen.com/english/advisories/2007/3040 - Broken Link | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/36328 - Broken Link, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/25481 - Broken Link, Exploit, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/26640 - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/478057/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2007-08-31 23:17
Updated : 2024-02-28 11:01
NVD link : CVE-2007-4639
Mitre link : CVE-2007-4639
CVE.ORG link : CVE-2007-4639
JSON object : View
Products Affected
enterprisedb
- postgres_advanced_server
CWE
CWE-824
Access of Uninitialized Pointer