Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-6067
Last Modified: 06 Feb 2013 10:48:49
Published: 09 Jan 2008 04:46:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2007-6067

Summary

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

Vulnerable Systems

Application

  • Postgresql 7.3

  • Postgresql 7.3.1

  • Postgresql 7.3.10

  • Postgresql 7.3.11

  • Postgresql 7.3.12

  • Postgresql 7.3.13

  • Postgresql 7.3.14

  • Postgresql 7.3.15

  • Postgresql 7.3.16

  • Postgresql 7.3.19

  • Postgresql 7.3.2

  • Postgresql 7.3.3

  • Postgresql 7.3.4

  • Postgresql 7.3.6

  • Postgresql 7.3.8

  • Postgresql 7.3.9

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.10

  • Postgresql 7.4.11

  • Postgresql 7.4.12

  • Postgresql 7.4.13

  • Postgresql 7.4.14

  • Postgresql 7.4.16

  • Postgresql 7.4.17

  • Postgresql 7.4.2

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 7.4.8

  • Postgresql 7.4.9

  • Postgresql 8.0

  • Postgresql 8.0.1

  • Postgresql 8.0.11

  • Postgresql 8.0.13

  • Postgresql 8.0.2

  • Postgresql 8.0.3

  • Postgresql 8.0.317

  • Postgresql 8.0.4

  • Postgresql 8.0.5

  • Postgresql 8.0.7

  • Postgresql 8.0.8

  • Postgresql 8.0.9

  • Postgresql 8.1.1

  • Postgresql 8.1.3

  • Postgresql 8.1.4

  • Postgresql 8.1.5

  • Postgresql 8.1.7

  • Postgresql 8.1.8

  • Postgresql 8.1.9

  • Postgresql 8.2

  • Postgresql 8.2.2

  • Postgresql 8.2.3

  • Postgresql 8.2.4

  • Tcl Tk 8.4.16


References

BID - 27163

XF - postgresql-complex-expression-dos(39498)

VUPEN - ADV-2008-1071

VUPEN - ADV-2008-0109

VUPEN - ADV-2008-0061

CONFIRM - http://www.postgresql.org/about/news.905

MANDRIVA - MDVSA-2008:004

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

SECTRACK - 1019157

SECUNIA - 28359

HP - HPSBTU02325

FEDORA - FEDORA-2008-0552

FEDORA - FEDORA-2008-0478

CONFIRM - https://issues.rpath.com/browse/RPL-1768

UBUNTU - USN-568-1

BUGTRAQ - 20080115 rPSA-2008-0016-1 postgresql postgresql-server

BUGTRAQ - 20080107 PostgreSQL 2007-01-07 Cumulative Security Release

REDHAT - RHSA-2008:0040

REDHAT - RHSA-2008:0038

DEBIAN - DSA-1463

DEBIAN - DSA-1460

SUNALERT - 200559

SUNALERT - 103197

GENTOO - GLSA-200801-15

SECUNIA - 29638

SECUNIA - 28698

SECUNIA - 28679

SECUNIA - 28479

SECUNIA - 28477

SECUNIA - 28464

SECUNIA - 28455

SECUNIA - 28454

SECUNIA - 28438

SECUNIA - 28437

SECUNIA - 28376

SUSE - SUSE-SA:2008:005

REDHAT - RHSA-2013:0122

HP - SSRT080006

Related Patches

Red Hat 2013:0122-01 RHSA Moderate: tcl security and bug fix update for RHEL 5 x86

Novell SUSE 2008:4962 postgresql security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:58:32