CVE-2009-4136 – postgresql: SQL privilege escalation via modifications to session-local state
https://notcve.org/view.php?id=CVE-2009-4136
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. PostgreSQL v7.4.x anteriores a v7.4.27, v8.0.x anteriores a v8.0.23, v8.1.x anteriores a v8.1.19, v8.2.x anteriores a v8.2.15, v8.3.x anteriores a v8.3.9, y v8.4.x anteriores a v8.4.2 no gestiona adecuadamente el estado de la sesión local durante la ejecución de una función de indexado por parte de un superusuario de base de datos, lo que permite a usuarios remotos autenticados conseguir ganar privilegios a través de una tabla con las funcione de indexado manipuladas, como se demuestra en las funciones (1) search_path o (2) una declaración, un asunto relacionado con CVE-2007-6600 y CVE-2009-3230. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/61039 http://secunia.com/advisories/37663 http://secunia.com/advisories/39820 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http: •
CVE-2009-4034
https://notcve.org/view.php?id=CVE-2009-4034
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. PostgreSQL v7.4.x anteriores a v7.4.27, v8.0.x anteriores a v8.0.23, v8.1.x anteriores a v8.1.19, v8.2.x anteriores a v8.2.15, v8.3.x anteriores a v8.3.9, y v8.4.x anteriores a v8.4.2 no maneja adecuadamente un caracter '/0' en el nombre de dominio en el campo "subject" del Nombre Común (CN) de un certificado X.509, lo que permite (1) a atacantes man-in-the-middle falsificar a conveniencia los servidores PostgreSQL basados en SSL a través de un certificado de servidor manipulado obtenido a través de una autoridad certificadora legitima, y (2)permite a atacantes remotos evitar las restricciones cliente-hostname a través de un certificado manipulado obtenido a través de una autoridad certificadora legitima, un asunto relacionado con CVE-2009-2408. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/61038 http://secunia.com/advisories/37663 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http://www.postgresql.org/docs/current/ • CWE-310: Cryptographic Issues •
CVE-2009-3230 – postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600
https://notcve.org/view.php?id=CVE-2009-3230
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. El componente core server en PostgreSQL desde v8.4 anteriores a v8.4.1, desde v8.3 anteriores a v8.3.8, desde v8.2 anteriores a v8.2.14, desde v8.1 anteriores a v8.1.18, desde v8.0 anteriores a v8.0.22, y v7.4 anteriores a v7.4.26 no maneja adecuadamente los privilegios para las operaciones (1)BORRADO DE ROL (2)BORRADO DE AUTORIZACIÓN DE SESIÓN, lo que permite a usuarios remotos autenticados ganar privilegios. NOTA: Esto es debido a un arreglo incompleto de CVE-2007-6600. • http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://secunia.com/advisories/36660 http://secunia.com/advisories/36695 http://secunia.com/advisories/36727 http://secunia.com/advisories/36800 http://secunia.com/advisories/36837 http://sunsolve.sun.com/search/document.do • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-6067 – postgresql: tempory DoS caused by slow regex NFA cleanup
https://notcve.org/view.php?id=CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. Vulnerabilidad de complejidad algorítmica en el analizador de la expresión regular en TCL en versiones anteriores a 8.4.17, tal como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones anteriores a 7.4.19, permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria) a través de una expresión regular "compleja" manipulada con estados doblemente anidados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://rhn.redhat.com/errata/RHSA-2013-0122.html http://secunia.com/advisories/28359 http://secunia.com/advisories/28376 http://secunia.com/advisories/28437 http://secunia.com/advisories/28438 http://secunia.com/advisories/28454 http://secunia.com/advisories/28455 http: • CWE-189: Numeric Errors •
CVE-2007-4772 – postgresql DoS via infinite loop in regex NFA optimization code
https://notcve.org/view.php?id=CVE-2007-4772
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. El intérprete de expresiones regulares en TCL en versiones anteriores a 8.4.17, como se utiliza en PostgreSQL 8.2 en versiones anteriores a 8.2.6, 8.1 en versiones anteriores a 8.1.11, 8.0 en versiones anteriores a 8.0.15 y 7.4 en versiones anteriores a 7.4.19, permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito) a través de una expresión regular manipulada. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •