Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2007-4772
Last Modified 30 Aug 2013 01:33:51
Published 09 Jan 2008 04:46:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-4772

Summary

The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.

Vulnerable Systems

Application

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.10

  • Postgresql 7.4.11

  • Postgresql 7.4.12

  • Postgresql 7.4.13

  • Postgresql 7.4.14

  • Postgresql 7.4.16

  • Postgresql 7.4.17

  • Postgresql 7.4.18

  • Postgresql 7.4.2

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 7.4.8

  • Postgresql 7.4.9

  • Postgresql 8.0

  • Postgresql 8.0.1

  • Postgresql 8.0.11

  • Postgresql 8.0.13

  • Postgresql 8.0.14

  • Postgresql 8.0.2

  • Postgresql 8.0.3

  • Postgresql 8.0.317

  • Postgresql 8.0.4

  • Postgresql 8.0.5

  • Postgresql 8.0.7

  • Postgresql 8.0.8

  • Postgresql 8.0.9

  • Postgresql 8.1.1

  • Postgresql 8.1.10

  • Postgresql 8.1.3

  • Postgresql 8.1.4

  • Postgresql 8.1.5

  • Postgresql 8.1.7

  • Postgresql 8.1.8

  • Postgresql 8.1.9

  • Postgresql 8.2

  • Postgresql 8.2.2

  • Postgresql 8.2.3

  • Postgresql 8.2.4

  • Postgresql 8.2.5

  • Tcl Tk 8.4.16


References

XF - postgresql-regular-expression-dos(39497)

BID - 27163

FEDORA - FEDORA-2008-0552

FEDORA - FEDORA-2008-0478

CONFIRM - https://issues.rpath.com/browse/RPL-1768

VUPEN - ADV-2008-1744

VUPEN - ADV-2008-1071

VUPEN - ADV-2008-0109

VUPEN - ADV-2008-0061

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0009.html

UBUNTU - USN-568-1

BUGTRAQ - 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

BUGTRAQ - 20080115 rPSA-2008-0016-1 postgresql postgresql-server

BUGTRAQ - 20080107 PostgreSQL 2007-01-07 Cumulative Security Release

REDHAT - RHSA-2008:0134

REDHAT - RHSA-2008:0040

REDHAT - RHSA-2008:0038

CONFIRM - http://www.postgresql.org/about/news.905

MANDRIVA - MDVSA-2008:059

MANDRIVA - MDVSA-2008:004

DEBIAN - DSA-1463

DEBIAN - DSA-1460

SUNALERT - 200559

SUNALERT - 103197

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

SECTRACK - 1019157

GENTOO - GLSA-200801-15

SECUNIA - 30535

SECUNIA - 29638

SECUNIA - 29248

SECUNIA - 29070

SECUNIA - 28698

SECUNIA - 28679

SECUNIA - 28479

SECUNIA - 28477

SECUNIA - 28464

SECUNIA - 28455

SECUNIA - 28454

SECUNIA - 28438

SECUNIA - 28437

SECUNIA - 28376

SECUNIA - 28359

SUSE - SUSE-SA:2008:005

HP - SSRT080006

HP - HPSBTU02325

REDHAT - RHSA-2013:0122

Related Patches

Red Hat 2013:0122-01 RHSA Moderate: tcl security and bug fix update for RHEL 5 x86

Novell SUSE 2008:4962 postgresql security update for SLE 10 SP1 i586

VMware VMSA 2008-0009.2 VMware Fusion 2.0.1 Update for Mac (Rev 2)


Last Updated: 27 May 2016 10:58:32