From c1eef8d89dbdb331ebccc4269e7d1f64d92263e4 Mon Sep 17 00:00:00 2001 From: miwi Date: Thu, 24 Apr 2008 23:12:03 +0000 Subject: Document postgresql -- multiple vulnerabilities PR: 120133 (basic on) Submitted by: Nick Barkas --- security/vuxml/vuln.xml | 57 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 2cd81566a514..504877359de2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,63 @@ Note: Please add new entries to the beginning of this file. --> + + postgresql -- multiple vulnerabilities + + + postgresql + postgresql-server + 7.37.3.21 + 7.47.4.19 + 8.08.0.15 + 8.18.1.11 + 8.28.2.6 + + + + +

The PostgreSQL developers report:

+
+

PostgreSQL allows users to create indexes on the results of user-defined + functions, known as "expression indexes". This provided two vulnerabilities + to privilege escalation: (1) index functions were executed as the superuser + and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE + and SET SESSION AUTHORIZATION were permitted within index functions. Both + of these holes have now been closed.

+
+
+

PostgreSQL allowed malicious users to initiate a denial-of-service by + passing certain regular expressions in SQL queries. First, users could + create infinite loops using some specific regular expressions. Second, + certain complex regular expressions could consume excessive amounts of + memory. Third, out-of-range backref numbers could be used to crash the + backend.

+
+
+

DBLink functions combined with local trust or ident authentication could + be used by a malicious user to gain superuser privileges. This issue has + been fixed, and does not affect users who have not installed DBLink (an + optional module), or who are using password authentication for local + access. This same problem was addressed in the previous release cycle, + but that patch failed to close all forms of the loophole.

+
+ +
+ + CVE-2007-6600 + CVE-2007-4772 + CVE-2007-6067 + CVE-2007-4769 + CVE-2007-6601 + 27163 + http://www.postgresql.org/about/news.905 + + + 2008-01-06 + 2008-04-24 + +
+ phpmyadmin -- Shared Host Information Disclosure -- cgit
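Review bot: The affected-package list at the top of the new entry names only postgresql and postgresql-server, yet the third quoted paragraph ties the DBLink privilege escalation to an optional module. If that module ships as a separate package, consider listing it with the same five version ranges so that a host is matched on the component that actually carries the flaw. In the references, five CVE names and the bare number 27163 are given, but the description has three paragraphs (expression indexes, regular expressions, DBLink) and nothing says which identifier belongs to which; ordering the CVE names to follow the paragraphs, or naming them in the description, would make the entry easier to check against http://www.postgresql.org/about/news.905. The dates are also worth a second look: discovery is recorded as 2008-01-06 and the entry as 2008-04-24, so confirm the first matches the date of the upstream announcement being quoted.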