CVE-2007-4639

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
References
Link Resource
http://secunia.com/advisories/26640 Broken Link
http://www.securityfocus.com/archive/1/478057/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/25481 Broken Link Exploit Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/3040 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/36328 Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:enterprisedb:postgres_advanced_server:8.2:*:*:*:*:*:*:*

History

09 Feb 2024, 03:23

Type Values Removed Values Added
CWE CWE-94 CWE-824
CPE cpe:2.3:a:enterprisedb:enterprisedb_advanced_server:8.2:*:*:*:*:*:*:* cpe:2.3:a:enterprisedb:postgres_advanced_server:8.2:*:*:*:*:*:*:*
First Time Enterprisedb postgres Advanced Server
References (VUPEN) http://www.vupen.com/english/advisories/2007/3040 - (VUPEN) http://www.vupen.com/english/advisories/2007/3040 - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/36328 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/36328 - Broken Link, Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/25481 - Exploit (BID) http://www.securityfocus.com/bid/25481 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/26640 - (SECUNIA) http://secunia.com/advisories/26640 - Broken Link
References (BUGTRAQ) http://www.securityfocus.com/archive/1/478057/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/478057/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2007-08-31 23:17

Updated : 2024-02-28 11:01


NVD link : CVE-2007-4639

Mitre link : CVE-2007-4639

CVE.ORG link : CVE-2007-4639


JSON object : View

Products Affected

enterprisedb

  • postgres_advanced_server
CWE
CWE-824

Access of Uninitialized Pointer