CVE-2007-0556
https://notcve.org/view.php?id=CVE-2007-0556
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. El planificador de peticiones en PostgreSQL anterior a 8.0.11, 8.1 anterior a 8.1.7, y 8.2 anterior a 8.2.2 no verifica que una tabla sea compatible con un "plan de peticiones realizado previamente", lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (caída del servidor) y posiblemente acceder a contenido de la base de datos mediante una sentencia SQL "ALTER COLUMN TYPE", lo cual puede ser aprovechado para leer memoria de su elección del servidor. • http://fedoranews.org/cms/node/2554 http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html http://osvdb.org/33302 http://secunia.com/advisories/24028 http://secunia.com/advisories/24033 http://secunia.com/advisories/24042 http://secunia.com/advisories/24050 http://secunia.com/advisories/24057 http://secunia.com/advisories/24151 http://secunia.com/advisories/24315 http://secunia.com/advisories/24513 http://secunia.com/advisories/24577 http://secunia •
CVE-2006-5540
https://notcve.org/view.php?id=CVE-2006-5540
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." El fichero backend/parser/analyze.c en PostgreSQL 8.1.x versiones anteriores a 8.1.5 permite a usuarios remotos sin autenticar provocar una denegación de servicio (daemon crash) mediante funciones agregadas concretas en una sentencia UPDATE, que no han sido debidamente tratadas durante una "optimización de índices MIN/MAX." • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://projects.commandprompt.com/public/pgsql/changeset/25504 http://secunia.com/advisories/22562 http://secunia.com/advisories/22584 http://secunia.com/advisories/22606 http://secunia.com/advisories/22636 http://secunia.com/advisories/23048 http://secunia.com/advisories/23132 http://secunia.com/advisories/24094 http://secunia.com/advisories/24284 http://secunia.com/advisories/24577 http://securitytracker.co •
CVE-2002-1401
https://notcve.org/view.php?id=CVE-2002-1401
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow. Desbordamientos de búfer en PostgreSQL 6.3.2 a 7.2.3 en las funciones geo circle_poly(), path_encode y path_add (también definida incorrectamente como path_addr permite a atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario, posiblemente como resultado de un desbordamiento de número entero. • http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524 http://secunia.com/advisories/8034 http://www.debian.org/security/2002/dsa-165 http://www.redhat.com/support/errata/RHSA-2003-001.html https://access.redhat.com/security/cve/CVE-2002-1401 https://bugzilla.redhat.com/show_bug.cgi?id=1616913 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2002-1397
https://notcve.org/view.php?id=CVE-2002-1397
Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow. Desbordamiento de búfer en la función cash_words() en PostgreSQL 7.2 y anteriores permite a usuarios locales causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un argurmento malformado. • http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524 http://marc.info/?l=bugtraq&m=102977465204357&w=2 http://secunia.com/advisories/8034 http://www.redhat.com/support/errata/RHSA-2003-001.html http://www.securityfocus.com/bid/5497 https://exchange.xforce.ibmcloud.com/vulnerabilities/9891 https://access.redhat.com/security/cve/CVE-2002-1397 https:// •
CVE-2002-1402
https://notcve.org/view.php?id=CVE-2002-1402
Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code. Desbordamiento de búfer en las variables de entorno TZ y SET TIME ZONE de PostgreSQL 7.2.1 y anteriores permiten a usuarios locales causar una denegación de servicio y posiblemente ejecutar código arbitrario. • http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524 http://marc.info/?l=bugtraq&m=103021186622725&w=2 http://marc.info/?l=bugtraq&m=103036987114437&w=2 http://secunia.com/advisories/8034 http://www.debian.org/security/2002/dsa-165 http://www.mandriva.com/security/advisories?name=MDKSA-2002:062 http://www.redhat.com/support/errata/RHSA-2003-001.html https://access.redhat.com/security/cve/ •