PT-2007-2016 · PostgreSQL+1
Published: 2007-02-06 · Updated: 2018-10-16
CVE-2007-0556
CVSS v2.0: 6.6 (Medium)
Vector: AV:N/AC:H/Au:S/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions prior to 8.0.11
PostgreSQL versions prior to 8.1.7
PostgreSQL versions prior to 8.2.2
Description
The query planner does not verify that a table is still compatible with a previously made query plan. This allows remote authenticated users to potentially cause a denial of service (server crash) and access database content they should not have access to. The vulnerability can be exploited through an "ALTER COLUMN TYPE" SQL statement, which may enable reading arbitrary memory from the server.
Recommendations
For versions prior to 8.0.11, update to version 8.0.11 or later.
For versions prior to 8.1.7, update to version 8.1.7 or later.
For versions prior to 8.2.2, update to version 8.2.2 or later.
Fix
Related Identifiers
Affected Products
PostgreSQL
Red Hat