Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2007-4639
Last Modified 07 Mar 2011 09:58:56
Published 31 Aug 2007 07:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-4639

Summary

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.

Vulnerable Systems

Application

  • EnterpriseDB Advanced Server 8.2


References

VUPEN - ADV-2007-3040

BID - 25481

BUGTRAQ - 20070829 EnterpriseDB Advanced Server 8.2 Unitialized Pointer

XF - enterprisedb-debugging-code-execution(36328)

SECUNIA - 26640


Last Updated: 27 May 2016 10:45:56