CVE-2007-4639

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Advanced Server version 8.2

Description: The issue arises from improper handling of certain debugging function calls before a call to pldbg create listener, allowing remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg function. This can be demonstrated by invoking functions such as pldbg get stack and pldbg abort target, which can trigger the use of an uninitialized pointer.

Recommendations: For EnterpriseDB Advanced Server version 8.2, as a temporary workaround, consider disabling the debugging functions pldbg get stack and pldbg abort target until a patch is available. Restrict access to the pldbg functions to minimize the risk of exploitation. Avoid using the pldbg functions in SELECT statements until the issue is resolved.