PostgreSQL Processing Bugs Let Remote Authenticated Users Deny Service

SecurityTracker Alert ID: 1017115
SecurityTracker URL: http://securitytracker.com/id?1017115
CVE Reference: CVE-2006-5540, CVE-2006-5541, CVE-2006-5542
Updated: Jun 2 2008
Original Entry Date: Oct 25 2006
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 8.1.x prior to 8.1.5, 8.0 prior to 8.0.9, 7.4.x prior to 7.4.14, 7.3.x prior to 7.3.16

Description: A vulnerability was reported in PostgreSQL. A remote authenticated user can cause denial of service conditions.
The system does not properly process ANYARRAY types, UPDATE commands, and duration logging messages for a V3-protocol Execute message. A remote authenticated user can send specially crafted data to cause the target service to crash.

Impact: A remote authenticated user can cause denial of service conditions.

Solution: The vendor has issued fixed versions (8.1.5, 8.0.9, 7.4.14, 7.3.16).
The PostgreSQL advisory is available at:
http://www.postgresql.org/about/news.664

Vendor URL: www.postgresql.org/about/news.664
Cause: Exception handling error, Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 25 Oct 2006 08:37:40 -0400
Subject: New PostgreSQL Minor Versions Released
http://www.postgresql.org/about/news.664
... three different crash vulnerabilities ...
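
A version check built from the Version(s) and Solution fields above, as an added example that is not part of the SecurityTracker entry or the PostgreSQL advisory. It classifies a version string (for instance the output of `SELECT version()`) per branch; the host names and banners in the sample inventory are constructed, and branches the entry does not list are reported as not-listed rather than guessed.

```python
import re

# Fixed patch level per (major, minor) branch, from the entry's Solution field.
FIXED = {(8, 1): 5, (8, 0): 9, (7, 4): 14, (7, 3): 16}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch) from a bare version or a version() banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = m.groups()
    # A bare "8.0" is the first release of the branch, i.e. patch level 0.
    return int(major), int(minor), int(patch or 0)


def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for one reported version."""
    major, minor, patch = parse_version(text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The entry makes no statement about this branch; do not guess.
        return "not-listed"
    return "affected" if patch < fixed_patch else "fixed"


# Constructed inventory: host names and banners are illustrative only.
SAMPLE_INVENTORY = {
    "db-a": "PostgreSQL 8.1.4 on i686-pc-linux-gnu, compiled by GCC 3.4.6",
    "db-b": "8.0.9",
    "db-c": "7.4.13",
    "db-d": "8.2.0",
}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```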