(Sun Describes Workaround) PostgreSQL Data Type Check Bypass and Table Column Modification Bugs Let Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1017708 |
|
SecurityTracker URL: http://securitytracker.com/id/1017708
|
|
CVE Reference:
CVE-2007-0555, CVE-2007-0556
(Links to External Site)
|
Date: Feb 28 2007
|
Impact:
Denial of service via network, Disclosure of user information
|
Vendor Confirmed: Yes
|
Version(s): 7.3, 7.4, 8.0, 8.1, 8.2
|
Description:
A vulnerability was reported in PostgreSQL. A remote authenticated user can cause denial of service conditions.
A remote authenticated user can send specially crafted data to suppress the normal SQL data type checks to cause the backend to crash [CVE-2007-0555].
A remote authenticated user can change the data type of a table column to cause a backend crash [CVE-2007-0556]. This may also be exploited to read portions of the database contents. Only versions 8.0, 8.1, and 8.2 are affected by this second vulnerability.
|
Impact:
A remote authenticated user can cause denial of service conditions on the target system.
A remote authenticated user may be able to read portions of the database contents.
|
Solution:
Sun has described a workaround for CVE-2007-0555 in their advisory. There is no workaround for CVE-2007-0556.
A final resolution is pending.
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
|
Vendor URL: www.postgresql.org/support/security (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 28 Feb 2007 00:15:35 -0500
Subject: Two Security Vulnerabilities in PostgreSQL May Allow Denial of Service or Information Leakage
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1
CVE-2007-0555
CVE-2007-0556
|
|
