CVE-2006-0678

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 7.3.x through 7.3.13 PostgreSQL versions 7.4.x through 7.4.11 PostgreSQL versions 8.0.x through 8.0.6 PostgreSQL versions 8.1.x through 8.1.2

Description The issue allows local users to cause a denial of service, resulting in a server crash, via a crafted SET SESSION AUTHORIZATION command when PostgreSQL is compiled with Asserts enabled. A valid login is required to exploit this issue. This can cause the postmaster to restart all backends.

Recommendations For PostgreSQL versions 7.3.x through 7.3.13, update to version 7.3.14 or later. For PostgreSQL versions 7.4.x through 7.4.11, update to version 7.4.12 or later. For PostgreSQL versions 8.0.x through 8.0.6, update to version 8.0.7 or later. For PostgreSQL versions 8.1.x through 8.1.2, update to version 8.1.3 or later.