CVE-2005-1410
CVSS2.1
发布时间 :2005-05-03 00:00:00
修订时间 :2011-03-07 21:21:44
NMCOPS    

[原文]The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.


[CNNVD]PostgreSQL TSearch2设计错误漏洞(CNNVD-200505-845)

        PostgreSQL 7.4至8.0.x版本中的tsearch2模块, 将(1)dex_init,(2)snb_en_init,(3)snb_ru_init,(4)spell_init和(5)syn_init函数声明为"内部"函数,即便它们并未使用内部参数,攻击者可以通过SQL命令调用其他可以接受内部参数的函数,来发起拒绝服务攻击(应用系统崩溃)并可能还有其他影响。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:postgresql:postgresql:7.4.7PostgreSQL PostgreSQL 7.4.7
cpe:/a:postgresql:postgresql:7.4PostgreSQL PostgreSQL 7.4
cpe:/a:postgresql:postgresql:8.0.2PostgreSQL PostgreSQL 8.0.2
cpe:/a:postgresql:postgresql:7.4.3PostgreSQL PostgreSQL 7.4.3
cpe:/a:postgresql:postgresql:7.4.6PostgreSQL PostgreSQL 7.4.6
cpe:/a:postgresql:postgresql:8.0PostgreSQL 8.0
cpe:/o:trustix:secure_linux:2.0Trustix Secure Linux 2.0
cpe:/a:postgresql:postgresql:7.4.5PostgreSQL PostgreSQL 7.4.5
cpe:/a:postgresql:postgresql:8.0.1PostgreSQL PostgreSQL 8.0.1

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9343The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn...
oval:org.mitre.oval:def:1086PostgreSQL tsearch2 "internal" Functions Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1410
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1410
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-845
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/13475
(PATCH)  BID  13475
http://www.postgresql.org/about/news.315
(PATCH)  CONFIRM  http://www.postgresql.org/about/news.315
http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php
(PATCH)  MLIST  [pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found
http://www.vupen.com/english/advisories/2005/0453
(UNKNOWN)  VUPEN  ADV-2005-0453
http://www.securityfocus.com/archive/1/archive/1/426302/30/6680/threaded
(UNKNOWN)  FEDORA  FLSA-2006:157366
http://www.redhat.com/support/errata/RHSA-2005-433.html
(UNKNOWN)  REDHAT  RHSA-2005:433
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
(UNKNOWN)  SUSE  SUSE-SA:2005:036

- 漏洞信息

PostgreSQL TSearch2设计错误漏洞
低危 设计错误
2005-05-03 00:00:00 2005-10-20 00:00:00
远程  
        PostgreSQL 7.4至8.0.x版本中的tsearch2模块, 将(1)dex_init,(2)snb_en_init,(3)snb_ru_init,(4)spell_init和(5)syn_init函数声明为"内部"函数,即便它们并未使用内部参数,攻击者可以通过SQL命令调用其他可以接受内部参数的函数,来发起拒绝服务攻击(应用系统崩溃)并可能还有其他影响。

- 公告与补丁

        暂无数据

- 漏洞信息 (F39082)

Ubuntu Security Notice 118-1 (PacketStormID:F39082)
2005-08-06 00:00:00
Ubuntu  ubuntu.com
advisory,vulnerability
linux,ubuntu
CVE-2005-1409,CVE-2005-1410
[点击下载]

Ubuntu Security Notice USN-118-1 - Postgresql suffers from multiple vulnerabilities.

===========================================================
Ubuntu Security Notice USN-118-1	       May 04, 2005
postgresql vulnerabilities
CAN-2005-1409, CAN-2005-1410
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

postgresql
postgresql-contrib

The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.5 (for Ubuntu 4.10) and 7.4.7-2ubuntu2.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

It was discovered that unprivileged users were allowed to call
internal character conversion functions. However, since these
functions were not designed to be safe against malicious choices of
argument values, this could potentially be exploited to execute
arbitrary code with the privileges of the PostgreSQL server (user
"postgres"). (CAN-2005-1409)

Another vulnerability was found in the "tsearch2" module of
postgresql-contrib. This module declared several functions as
internal, although they did not accept any internal argument; this
breaks the type safety of "internal" by allowing users to construct
SQL commands that invoke other functions accepting "internal"
arguments. This could eventually be exploited to crash the server, or
possibly even execute arbitrary code with the privileges of the
PostgreSQL server. (CAN-2005-1410)

These vulnerabilities must also be fixed in all existing databases
when upgrading. The post-installation script of the updated package
attempts to do this automatically; if the package installs without any
error, all existing databases have been updated to be safe against
above vulnerabilities.  Should the installation fail, please contact
the Ubuntu security team (security@ubuntu.com) immediately.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.5.diff.gz
      Size/MD5:   149709 a5af62a8d94ef9ca4de73597c6843079
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.5.dsc
      Size/MD5:      991 6229c3cc3dce2cd1c8fa5a204f21fcab
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5.orig.tar.gz
      Size/MD5:  9895913 a295885a36ed8e7ec7a7e887218ceabc

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-doc_7.4.5-3ubuntu0.5_all.deb
      Size/MD5:  2256658 bd42a601de3c629f30fa2158df417c1c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:   207052 02eb867e6b459d6c5b305d25d2467e6c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:    91476 aed90f1d1157f87c85ad6fc5b14cb465
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:    49184 ef9c74cc3de5c8043f0d3489f8f8d0a9
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:    74092 4316f4092a3258b0b17c9184bb124161
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:   116004 d3a2a8dd35207a947621f21081169b92
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:   518710 4aa862fa4d05ef90a75ec74a148364d3
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:   624828 5627b561d2fdd22c21fb58bdfffa3ec6
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:   509694 fad5b78cd93f55d75d1649d4765e11dc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.5_amd64.deb
      Size/MD5:  3881486 19c81e38a9cd6c2a8e75022125a4b23d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:   195194 d1f37e56b618156ce6e167a686c3ccce
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:    85990 6eb859dfe58341abe3e5c0e23be185a7
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:    48150 b1ac328fde072545a962d39315345e53
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:    70956 72972bf316675330a17edb0c0f8dd6ee
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:   109242 a4dd62dbd6670172d4a256fdeaa9fe21
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:   492482 47155c199d7db99a33fb24a984c7e784
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:   577944 1a086cdd29f49a50c929d7358c19e06a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:   502848 8e94333f65f3ff8f7f0c880163c867ca
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.5_i386.deb
      Size/MD5:  3704312 9ca15356bb7764e46a7f869549aeb575

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:   203544 307e942d1b5258b6d97ba928cc7a4cce
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:    93008 3458950c8e2c07e084359a2b108281ab
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:    48890 c089eddb8a89bb7e39e303526be95d2a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:    77566 4ae2087d9e262b6262c463bb7e02a997
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:   110266 ca3ed25e2ebfca05ba76fa56898bb6cb
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:   511404 c32d001ec5d7c8de6dee547e7aa6191f
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:   636960 bdcf9bd6f66ac4bb3ce8352e9e3fe670
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:   506412 579f5abbd512823daa3860124ca8814e
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.5_powerpc.deb
      Size/MD5:  4104550 03ce4d3641d35a22e5e68fad67446bed

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7-2ubuntu2.1.diff.gz
      Size/MD5:   152451 04988036d3cdb8d87566778df45848dc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7-2ubuntu2.1.dsc
      Size/MD5:      991 8c8e287a5de6849b6197f8570ab2c016
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7.orig.tar.gz
      Size/MD5:  9952102 d193c58aef02a745e8657c48038587ac

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-doc_7.4.7-2ubuntu2.1_all.deb
      Size/MD5:  2265342 d73061fba79aaee641e613e68903c5d0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:   207782 cb96bb1a104fc2297eb8ef89b0b0487e
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:    94250 aa530a6f3f3f39a2703f92206d480490
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:    54022 829fcc583285ec31c9c0757525bd9dc0
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:    77192 37691c3f94597cff2a2afa4a25764753
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:    95096 3c2d05af2bd3d2c2f9401389843b05e0
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:   346814 c7b1c672b83fda570f606bcb68ed1015
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:   649922 a7624f8c757bf1ab6ef4c66b3e100f82
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:   515198 dbe1d3be33201a058e2436675c7962a6
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7-2ubuntu2.1_amd64.deb
      Size/MD5:  3093788 7c00f7433ae47e4d0f29ac6211c28b08

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:   203614 5413c87292dc8dd06c3340e32bd9180f
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:    91634 3ec1b7ce7e1179643ffd661d90b929e7
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:    53196 9b19a2a115ad041392c290d370b96901
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:    75158 ab62acb14da5cd78496e937575c48ed4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:    90470 ffe055c2ad8f777a8b0cfb2be40297a3
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:   318670 580b39a9764f0d39fec6dee69762ef62
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:   612580 d6825b89775d59efced1dafa9e5f3b1c
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:   509506 103af93f11eef6c977dbb50b06006b7a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7-2ubuntu2.1_i386.deb
      Size/MD5:  2955512 5426ad09bf89c5c74d76232d9c6bb2b0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:   208342 b49245522620ce33b64b8c6a047c5e8b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:    98220 bea5adfd18814e1e2aec718a7ecf5428
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:    53116 b497334e0cb23553593b9411b98620d6
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:    82354 d584607238832ee98323f18d738db254
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:    93072 3416dfadebb569fba851c1bfab184463
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:   352418 60c692d77ef79ab8dce69fbe8b937381
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:   681088 6f04a4c4dd4092f8c45d805a30896137
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:   512420 d900231978b04798d4def26bd4c1c01e
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7-2ubuntu2.1_powerpc.deb
      Size/MD5:  3404684 f93ab098149970b36a963805f1b6f059
    

- 漏洞信息 (F38419)

Gentoo Linux Security Advisory 200505-12 (PacketStormID:F38419)
2005-07-02 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-1409,CVE-2005-1410
[点击下载]

Gentoo Linux Security Advisory GLSA 200505-12 - PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments (CVE-2005-1409). It has also been reported that the contrib/tsearch2 module of PostgreSQL misdeclares the return value of some functions as internal (CVE-2005-1410). Versions less than 8.0.2-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200505-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PostgreSQL: Multiple vulnerabilities
      Date: May 15, 2005
      Bugs: #91231
        ID: 200505-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

PostgreSQL is vulnerable to Denial of Service attacks and possibly
allows unprivileged users to gain administrator rights.

Background
==========

PostgreSQL is a SQL compliant, open source object-relational database
management system.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  dev-db/postgresql     < 8.0.2-r1                     *>= 7.4.7-r2
                                                          *>= 8.0.1-r3
                                                           >= 8.0.2-r1

Description
===========

PostgreSQL gives public EXECUTE access to a number of character
conversion routines, but doesn't validate the given arguments
(CAN-2005-1409). It has also been reported that the contrib/tsearch2
module of PostgreSQL misdeclares the return value of some functions as
"internal" (CAN-2005-1410).

Impact
======

An attacker could call the character conversion routines with specially
setup arguments to crash the backend process of PostgreSQL or to
potentially gain administrator rights. A malicious user could also call
the misdeclared functions of the contrib/tsearch2 module, resulting in
a Denial of Service or other, yet uninvestigated, impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PostgreSQL users should update to the latest available version and
follow the guide at http://www.postgresql.org/about/news.315

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-db/postgresql

References
==========

  [ 1 ] CAN-2005-1409
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1409
  [ 2 ] CAN-2005-1410
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1410
  [ 3 ] PostgreSQL Announcement
        http://www.postgresql.org/about/news.315

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息

16324
PostgreSQL tsearch2 Module Multiple Function Internal Processing Issue

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-05-02 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

PostgreSQL TSearch2 Design Error Vulnerability
Design Error 13475
Yes No
2005-05-03 12:00:00 2007-02-28 04:06:00
The vendor announced this issue.

- 受影响的程序版本

Trustix Secure Enterprise Linux 2.0
SGI ProPack 3.0
SGI Advanced Linux Environment 3.0
RedHat Linux 9.0 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
PostgreSQL PostgreSQL 8.0.2
+ Trustix Secure Linux 2.2
PostgreSQL PostgreSQL 8.0.1
PostgreSQL PostgreSQL 8.0
+ Trustix Secure Linux 2.2
PostgreSQL PostgreSQL 7.4.7
+ Gentoo Linux
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
PostgreSQL PostgreSQL 7.4.6
+ Trustix Secure Linux 2.1
PostgreSQL PostgreSQL 7.4.5
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 9.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PostgreSQL PostgreSQL 7.4.3
PostgreSQL PostgreSQL 7.4
Gentoo Linux
Conectiva Linux 10.0

- 漏洞讨论

The PostgreSQL 'contrib/tsearch2' module is prone to a security vulnerability. The issue occurs because the module doesn't correctly declare several functions.

Although unconfirmed, presumably this issue allows a remote user who can write SQL queries to the affected database to call these functions, which shouldn't be accessible directly from SQL commands.

This vulnerability affects PostgreSQL 7.4 and later.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案


Please see the referenced vendor advisories for details on obtaining and applying fixes.


PostgreSQL PostgreSQL 7.4.5

PostgreSQL PostgreSQL 7.4.7

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站