Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1410

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-1410
Last Modified 07 Mar 2011 09:21:44
Published 03 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-1410

Summary

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.

Vulnerable Systems

Operating System

  • Trustix Secure Linux 2.0

Application

  • Postgresql 7.4

  • Postgresql 7.4.3

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 8.0

  • Postgresql 8.0.1

  • Postgresql 8.0.2


References

BID - 13475

CONFIRM - http://www.postgresql.org/about/news.315

MLIST - [pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found

VUPEN - ADV-2005-0453

FEDORA - FLSA-2006:157366

REDHAT - RHSA-2005:433

SUSE - SUSE-SA:2005:036


Last Updated: 27 May 2016 10:40:09