CVE-2006-5540
CVSS v2.0 Severity:
MEDIUM
Type:
Not Available / Other type
Publication date:
26/10/2006
Last modified:
09/04/2025
Description
The file backend/parser/analyze.c in PostgreSQL 8.1.x versions before 8.1.5 allows remote unauthenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."
Impact
Base score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | To |
---|---|---|
cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:* | ||
For the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://projects.commandprompt.com/public/pgsql/changeset/25504
- http://secunia.com/advisories/22562
- http://secunia.com/advisories/22584
- http://secunia.com/advisories/22606
- http://secunia.com/advisories/22636
- http://secunia.com/advisories/23048
- http://secunia.com/advisories/23132
- http://secunia.com/advisories/24094
- http://secunia.com/advisories/24284
- http://secunia.com/advisories/24577
- http://securitytracker.com/id?1017115=
- http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
- http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006%3A194
- http://www.novell.com/linux/security/advisories/2006_27_sr.html
- http://www.postgresql.org/about/news.664
- http://www.redhat.com/support/errata/RHSA-2007-0064.html
- http://www.redhat.com/support/errata/RHSA-2007-0067.html
- http://www.redhat.com/support/errata/RHSA-2007-0068.html
- http://www.securityfocus.com/bid/20717
- http://www.trustix.org/errata/2006/0059/
- http://www.ubuntu.com/usn/usn-369-1
- http://www.ubuntu.com/usn/usn-369-2
- http://www.vupen.com/english/advisories/2006/4182
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11425