CVE-2010-1975 – postgresql: improper privilege check during certain RESET ALL operations
https://notcve.org/view.php?id=CVE-2010-1975
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement. • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://secunia.com/advisories/39939 http://www.debian.org/security/2010/dsa-2051 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 http://www.postgresql.org/docs/current/static/release-7-4-29.html http://www.postgresql.org/docs/current/static/release-8-0-25.html http://www.postgresql.org/docs/current/static/release-8-1-21.html http: • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0733 – PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service
https://notcve.org/view.php?id=CVE-2010-0733
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations. PostgreSQL versions 8.4.1 suffer from a JOIN hashtable size integer overflow denial of service vulnerability. • https://www.exploit-db.com/exploits/33729 http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=64b057e6823655fb6c5d1f24a28f236b94dd6c54 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2010-0442 – PostgreSQL - 'bitsubstr' Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0442
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." • https://www.exploit-db.com/exploits/33571 http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html http • CWE-189: Numeric Errors •
CVE-2009-4136 – postgresql: SQL privilege escalation via modifications to session-local state
https://notcve.org/view.php?id=CVE-2009-4136
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/61039 http://secunia.com/advisories/37663 http://secunia.com/advisories/39820 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http: •
CVE-2009-4034
https://notcve.org/view.php?id=CVE-2009-4034
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://marc.info/?l=bugtraq&m=134124585221119&w=2 http://osvdb.org/61038 http://secunia.com/advisories/37663 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012 http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 http://www.postgresql.org/docs/current/static/release-7-4-27.html http://www.postgresql.org/docs/current/static/release-8-0-23.html http://www.postgresql.org/docs/current/ • CWE-310: Cryptographic Issues •