CVE-2007-0556

Severity Score

6.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

El planificador de peticiones en PostgreSQL anterior a 8.0.11, 8.1 anterior a 8.1.7, y 8.2 anterior a 8.2.2 no verifica que una tabla sea compatible con un "plan de peticiones realizado previamente", lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (caída del servidor) y posiblemente acceder a contenido de la base de datos mediante una sentencia SQL "ALTER COLUMN TYPE", lo cual puede ser aprovechado para leer memoria de su elección del servidor.

*Credits: N/A

CVSS Scores

NISTv2 6.6

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-01-29 CVE Reserved
2007-02-06 CVE Published
2024-07-01 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (36)

URL	Tag	Source
http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html	Mailing List
http://osvdb.org/33302	Vdb Entry
http://secunia.com/advisories/24028	Third Party Advisory
http://secunia.com/advisories/24042	Third Party Advisory
http://secunia.com/advisories/24050	Third Party Advisory
http://secunia.com/advisories/24057	Third Party Advisory
http://secunia.com/advisories/24151	Third Party Advisory
http://secunia.com/advisories/24315	Third Party Advisory
http://secunia.com/advisories/24513	Third Party Advisory
http://secunia.com/advisories/24577	Third Party Advisory
http://secunia.com/advisories/25220	Third Party Advisory
http://securitytracker.com/id?1017597	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm	X_refsource_confirm
http://www.postgresql.org/support/security	X_refsource_confirm
http://www.securityfocus.com/archive/1/459280/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/459448/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/22387	Vdb Entry
http://www.vupen.com/english/advisories/2007/0478	Vdb Entry
http://www.vupen.com/english/advisories/2007/0774	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/32191	Vdb Entry
https://issues.rpath.com/browse/RPL-1025	X_refsource_confirm
https://issues.rpath.com/browse/RPL-830	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://fedoranews.org/cms/node/2554	2018-10-16
http://secunia.com/advisories/24033	2018-10-16
http://security.gentoo.org/glsa/glsa-200703-15.xml	2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1	2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:037	2018-10-16
http://www.novell.com/linux/security/advisories/2007_10_sr.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0067.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0068.html	2018-10-16
http://www.trustix.org/errata/2007/0007	2018-10-16
http://www.ubuntu.com/usn/usn-417-2	2018-10-16
https://usn.ubuntu.com/417-1	2018-10-16
https://access.redhat.com/security/cve/CVE-2007-0556	2007-03-14
https://bugzilla.redhat.com/show_bug.cgi?id=1618270	2007-03-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				1.0 Search vendor "Postgresql" for product "Postgresql" and version "1.0"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				1.01 Search vendor "Postgresql" for product "Postgresql" and version "1.01"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				1.02 Search vendor "Postgresql" for product "Postgresql" and version "1.02"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				1.09 Search vendor "Postgresql" for product "Postgresql" and version "1.09"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.0 Search vendor "Postgresql" for product "Postgresql" and version "6.0"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.1 Search vendor "Postgresql" for product "Postgresql" and version "6.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.1.1 Search vendor "Postgresql" for product "Postgresql" and version "6.1.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.2 Search vendor "Postgresql" for product "Postgresql" and version "6.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.2.1 Search vendor "Postgresql" for product "Postgresql" and version "6.2.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.3 Search vendor "Postgresql" for product "Postgresql" and version "6.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.3.1 Search vendor "Postgresql" for product "Postgresql" and version "6.3.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.3.2 Search vendor "Postgresql" for product "Postgresql" and version "6.3.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.4 Search vendor "Postgresql" for product "Postgresql" and version "6.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.4.1 Search vendor "Postgresql" for product "Postgresql" and version "6.4.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.4.2 Search vendor "Postgresql" for product "Postgresql" and version "6.4.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.5 Search vendor "Postgresql" for product "Postgresql" and version "6.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.5.1 Search vendor "Postgresql" for product "Postgresql" and version "6.5.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.5.2 Search vendor "Postgresql" for product "Postgresql" and version "6.5.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				6.5.3 Search vendor "Postgresql" for product "Postgresql" and version "6.5.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.0 Search vendor "Postgresql" for product "Postgresql" and version "7.0"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.0.1 Search vendor "Postgresql" for product "Postgresql" and version "7.0.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.0.2 Search vendor "Postgresql" for product "Postgresql" and version "7.0.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.0.3 Search vendor "Postgresql" for product "Postgresql" and version "7.0.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.1 Search vendor "Postgresql" for product "Postgresql" and version "7.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.1.1 Search vendor "Postgresql" for product "Postgresql" and version "7.1.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.1.2 Search vendor "Postgresql" for product "Postgresql" and version "7.1.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.1.3 Search vendor "Postgresql" for product "Postgresql" and version "7.1.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2 Search vendor "Postgresql" for product "Postgresql" and version "7.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2.1 Search vendor "Postgresql" for product "Postgresql" and version "7.2.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2.2 Search vendor "Postgresql" for product "Postgresql" and version "7.2.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2.3 Search vendor "Postgresql" for product "Postgresql" and version "7.2.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2.4 Search vendor "Postgresql" for product "Postgresql" and version "7.2.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2.5 Search vendor "Postgresql" for product "Postgresql" and version "7.2.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2.6 Search vendor "Postgresql" for product "Postgresql" and version "7.2.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2.7 Search vendor "Postgresql" for product "Postgresql" and version "7.2.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.2.8 Search vendor "Postgresql" for product "Postgresql" and version "7.2.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3 Search vendor "Postgresql" for product "Postgresql" and version "7.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.1 Search vendor "Postgresql" for product "Postgresql" and version "7.3.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.2 Search vendor "Postgresql" for product "Postgresql" and version "7.3.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.3 Search vendor "Postgresql" for product "Postgresql" and version "7.3.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.4 Search vendor "Postgresql" for product "Postgresql" and version "7.3.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.5 Search vendor "Postgresql" for product "Postgresql" and version "7.3.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.6 Search vendor "Postgresql" for product "Postgresql" and version "7.3.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.7 Search vendor "Postgresql" for product "Postgresql" and version "7.3.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.8 Search vendor "Postgresql" for product "Postgresql" and version "7.3.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.9 Search vendor "Postgresql" for product "Postgresql" and version "7.3.9"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.10 Search vendor "Postgresql" for product "Postgresql" and version "7.3.10"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.11 Search vendor "Postgresql" for product "Postgresql" and version "7.3.11"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.12 Search vendor "Postgresql" for product "Postgresql" and version "7.3.12"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.13 Search vendor "Postgresql" for product "Postgresql" and version "7.3.13"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.14 Search vendor "Postgresql" for product "Postgresql" and version "7.3.14"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.15 Search vendor "Postgresql" for product "Postgresql" and version "7.3.15"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.16 Search vendor "Postgresql" for product "Postgresql" and version "7.3.16"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.17 Search vendor "Postgresql" for product "Postgresql" and version "7.3.17"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.3.18 Search vendor "Postgresql" for product "Postgresql" and version "7.3.18"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4 Search vendor "Postgresql" for product "Postgresql" and version "7.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.1 Search vendor "Postgresql" for product "Postgresql" and version "7.4.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.2 Search vendor "Postgresql" for product "Postgresql" and version "7.4.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.3 Search vendor "Postgresql" for product "Postgresql" and version "7.4.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.4 Search vendor "Postgresql" for product "Postgresql" and version "7.4.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.5 Search vendor "Postgresql" for product "Postgresql" and version "7.4.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.6 Search vendor "Postgresql" for product "Postgresql" and version "7.4.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.7 Search vendor "Postgresql" for product "Postgresql" and version "7.4.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.8 Search vendor "Postgresql" for product "Postgresql" and version "7.4.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.9 Search vendor "Postgresql" for product "Postgresql" and version "7.4.9"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.10 Search vendor "Postgresql" for product "Postgresql" and version "7.4.10"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.11 Search vendor "Postgresql" for product "Postgresql" and version "7.4.11"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.12 Search vendor "Postgresql" for product "Postgresql" and version "7.4.12"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.13 Search vendor "Postgresql" for product "Postgresql" and version "7.4.13"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.14 Search vendor "Postgresql" for product "Postgresql" and version "7.4.14"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.15 Search vendor "Postgresql" for product "Postgresql" and version "7.4.15"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				7.4.16 Search vendor "Postgresql" for product "Postgresql" and version "7.4.16"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0 Search vendor "Postgresql" for product "Postgresql" and version "8.0"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.1 Search vendor "Postgresql" for product "Postgresql" and version "8.0.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.2 Search vendor "Postgresql" for product "Postgresql" and version "8.0.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.3 Search vendor "Postgresql" for product "Postgresql" and version "8.0.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.4 Search vendor "Postgresql" for product "Postgresql" and version "8.0.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.5 Search vendor "Postgresql" for product "Postgresql" and version "8.0.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.6 Search vendor "Postgresql" for product "Postgresql" and version "8.0.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.7 Search vendor "Postgresql" for product "Postgresql" and version "8.0.7"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.8 Search vendor "Postgresql" for product "Postgresql" and version "8.0.8"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.9 Search vendor "Postgresql" for product "Postgresql" and version "8.0.9"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.0.10 Search vendor "Postgresql" for product "Postgresql" and version "8.0.10"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.1 Search vendor "Postgresql" for product "Postgresql" and version "8.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.1.1 Search vendor "Postgresql" for product "Postgresql" and version "8.1.1"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.1.2 Search vendor "Postgresql" for product "Postgresql" and version "8.1.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.1.3 Search vendor "Postgresql" for product "Postgresql" and version "8.1.3"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.1.4 Search vendor "Postgresql" for product "Postgresql" and version "8.1.4"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.1.5 Search vendor "Postgresql" for product "Postgresql" and version "8.1.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.1.6 Search vendor "Postgresql" for product "Postgresql" and version "8.1.6"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.2 Search vendor "Postgresql" for product "Postgresql" and version "8.2"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				8.2.1 Search vendor "Postgresql" for product "Postgresql" and version "8.2.1"		-		Affected