CVE-2007-0556
Date: (C) 2007-02-05   (M) 2023-12-22


The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 6.6
Exploit Score: 3.9
Impact Score: 9.2
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1017597
SUNALERT-102825
2007-0007
http://www.securityfocus.com/archive/1/459280/100/0/threaded
http://www.securityfocus.com/archive/1/459448/100/0/threaded
BID-22387
SECUNIA-24028
SECUNIA-24033
SECUNIA-24042
SECUNIA-24050
SECUNIA-24057
SECUNIA-24151
SECUNIA-24315
SECUNIA-24513
SECUNIA-24577
SECUNIA-25220
OSVDB-33302
ADV-2007-0478
ADV-2007-0774
FEDORA-2007-198
GLSA-200703-15
MDKSA-2007:037
RHSA-2007:0067
RHSA-2007:0068
SUSE-SR:2007:010
USN-417-1
USN-417-2
http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
http://www.postgresql.org/support/security
https://issues.rpath.com/browse/RPL-1025
https://issues.rpath.com/browse/RPL-830
oval:org.mitre.oval:def:11353
postgresql-datatype-information-disclosure(32191)

CPE    44
cpe:/a:postgresql:postgresql:7.4.10
cpe:/a:postgresql:postgresql:7.4.11
cpe:/a:postgresql:postgresql:7.4.9
cpe:/a:postgresql:postgresql:7.4.8
...

© SecPod Technologies