CVE-2007-0556

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
References
Link Resource
http://www.postgresql.org/support/security
http://secunia.com/advisories/24033 Vendor Advisory
http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
https://issues.rpath.com/browse/RPL-830
https://issues.rpath.com/browse/RPL-1025
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
http://fedoranews.org/cms/node/2554
http://security.gentoo.org/glsa/glsa-200703-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:037
http://www.redhat.com/support/errata/RHSA-2007-0067.html
http://www.redhat.com/support/errata/RHSA-2007-0068.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-417-2
http://www.securityfocus.com/bid/22387
http://securitytracker.com/id?1017597
http://secunia.com/advisories/24028
http://secunia.com/advisories/24057
http://secunia.com/advisories/24050
http://secunia.com/advisories/24042
http://secunia.com/advisories/24151
http://secunia.com/advisories/24315
http://secunia.com/advisories/24513
http://secunia.com/advisories/24577
http://www.novell.com/linux/security/advisories/2007_10_sr.html
http://secunia.com/advisories/25220
http://osvdb.org/33302
http://www.vupen.com/english/advisories/2007/0478
http://www.vupen.com/english/advisories/2007/0774
https://exchange.xforce.ibmcloud.com/vulnerabilities/32191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353
https://usn.ubuntu.com/417-1/
http://www.securityfocus.com/archive/1/459448/100/0/threaded
http://www.securityfocus.com/archive/1/459280/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.01:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.09:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.02:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:1.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*

Information

Published : 2007-02-06 01:28

Updated : 2018-10-16 04:33


NVD link : CVE-2007-0556

Mitre link : CVE-2007-0556

Products Affected
No products.