Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2007-4769
Last Modified 10 Aug 2011 12:00:00
Published 09 Jan 2008 04:46:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-4769

Summary

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.

Vulnerable Systems

Application

  • Postgresql 7.3

  • Postgresql 7.3.1

  • Postgresql 7.3.10

  • Postgresql 7.3.11

  • Postgresql 7.3.12

  • Postgresql 7.3.13

  • Postgresql 7.3.14

  • Postgresql 7.3.15

  • Postgresql 7.3.16

  • Postgresql 7.3.19

  • Postgresql 7.3.2

  • Postgresql 7.3.3

  • Postgresql 7.3.4

  • Postgresql 7.3.6

  • Postgresql 7.3.8

  • Postgresql 7.3.9

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.10

  • Postgresql 7.4.11

  • Postgresql 7.4.12

  • Postgresql 7.4.13

  • Postgresql 7.4.14

  • Postgresql 7.4.16

  • Postgresql 7.4.17

  • Postgresql 7.4.2

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 7.4.8

  • Postgresql 7.4.9

  • Postgresql 8.0

  • Postgresql 8.0.1

  • Postgresql 8.0.11

  • Postgresql 8.0.13

  • Postgresql 8.0.2

  • Postgresql 8.0.3

  • Postgresql 8.0.317

  • Postgresql 8.0.4

  • Postgresql 8.0.5

  • Postgresql 8.0.7

  • Postgresql 8.0.8

  • Postgresql 8.0.9

  • Postgresql 8.1.1

  • Postgresql 8.1.3

  • Postgresql 8.1.4

  • Postgresql 8.1.5

  • Postgresql 8.1.7

  • Postgresql 8.1.8

  • Postgresql 8.1.9

  • Postgresql 8.2

  • Postgresql 8.2.2

  • Postgresql 8.2.3

  • Postgresql 8.2.4

  • Tcl Tk 8.4.16


References

BID - 27163

FEDORA - FEDORA-2008-0552

FEDORA - FEDORA-2008-0478

CONFIRM - https://issues.rpath.com/browse/RPL-1768

XF - postgresql-backref-dos(39499)

VUPEN - ADV-2008-1071

VUPEN - ADV-2008-0109

VUPEN - ADV-2008-0061

UBUNTU - USN-568-1

BUGTRAQ - 20080115 rPSA-2008-0016-1 postgresql postgresql-server

BUGTRAQ - 20080107 PostgreSQL 2007-01-07 Cumulative Security Release

REDHAT - RHSA-2008:0040

REDHAT - RHSA-2008:0038

CONFIRM - http://www.postgresql.org/about/news.905

MANDRIVA - MDVSA-2008:004

DEBIAN - DSA-1463

DEBIAN - DSA-1460

SUNALERT - 200559

SUNALERT - 103197

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

SECTRACK - 1019157

GENTOO - GLSA-200801-15

SECUNIA - 29638

SECUNIA - 28698

SECUNIA - 28679

SECUNIA - 28479

SECUNIA - 28477

SECUNIA - 28464

SECUNIA - 28455

SECUNIA - 28454

SECUNIA - 28438

SECUNIA - 28437

SECUNIA - 28376

SECUNIA - 28359

SUSE - SUSE-SA:2008:005

HP - SSRT080006

HP - HPSBTU02325

Related Patches

Novell SUSE 2008:4962 postgresql security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 11:02:30