Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Производитель ПО
Наименование ПО
PostgreSQL
(7.4, 7.4.19, 8.0, 8.0.15, 8.1, 8.1.11, 8.2, 8.2.6)
postgresql
(Unknown)
Описание
Обработчик регулярных выражений в TCL при использовании в PostgreSQL позволяет удаленным пользователям, которые прошли аутентификацию, вызвать отказ в обслуживании (аварийное завершение работы приложения), используя значение backref, которое выходит за пределы разрешенного диапазона.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.postgresql.org/
http://www.postgresql.org/
Ссылки
BID (27163): http://www.securityfocus.com/bid/27163
XF (postgresql-backref-dos(39499)): http://xforce.iss.net/xforce/xfdb/39499
CONFIRM (http://www.postgresql.org/about/news.905): http://www.postgresql.org/about/news.905
MANDRIVA (MDVSA-2008:004): http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
VUPEN (ADV-2008-0061): http://www.frsirt.com/english/advisories/2008/0061
CONFIRM (http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894): http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
CONFIRM (http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894): http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
SECTRACK (1019157): http://securitytracker.com/id?1019157
FEDORA (FEDORA-2008-0552): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
FEDORA (FEDORA-2008-0478): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
CONFIRM (https://issues.rpath.com/browse/RPL-1768): https://issues.rpath.com/browse/RPL-1768
UBUNTU (USN-568-1): http://www.ubuntulinux.org/support/documentation/usn/usn-568-1
BUGTRAQ (20080115 rPSA-2008-0016-1 postgresql postgresql-server): http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded
BUGTRAQ (20080107 PostgreSQL 2007-01-07 Cumulative Security Release): http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded
REDHAT (RHSA-2008:0040): http://www.redhat.com/support/errata/RHSA-2008-0040.html
REDHAT (RHSA-2008:0038): http://www.redhat.com/support/errata/RHSA-2008-0038.html
VUPEN (ADV-2008-1071): http://www.frsirt.com/english/advisories/2008/1071/references
VUPEN (ADV-2008-0109): http://www.frsirt.com/english/advisories/2008/0109
DEBIAN (DSA-1463): http://www.debian.org/security/2008/dsa-1463
DEBIAN (DSA-1460): http://www.debian.org/security/2008/dsa-1460
SUNALERT (200559): http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
SUNALERT (103197): http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
GENTOO (GLSA-200801-15): http://security.gentoo.org/glsa/glsa-200801-15.xml
SUSE (SUSE-SA:2008:005): http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
HP (SSRT080006): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
XF (postgresql-backref-dos(39499)): http://xforce.iss.net/xforce/xfdb/39499
CONFIRM (http://www.postgresql.org/about/news.905): http://www.postgresql.org/about/news.905
MANDRIVA (MDVSA-2008:004): http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
VUPEN (ADV-2008-0061): http://www.frsirt.com/english/advisories/2008/0061
CONFIRM (http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894): http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
CONFIRM (http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894): http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
SECTRACK (1019157): http://securitytracker.com/id?1019157
FEDORA (FEDORA-2008-0552): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
FEDORA (FEDORA-2008-0478): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
CONFIRM (https://issues.rpath.com/browse/RPL-1768): https://issues.rpath.com/browse/RPL-1768
UBUNTU (USN-568-1): http://www.ubuntulinux.org/support/documentation/usn/usn-568-1
BUGTRAQ (20080115 rPSA-2008-0016-1 postgresql postgresql-server): http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded
BUGTRAQ (20080107 PostgreSQL 2007-01-07 Cumulative Security Release): http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded
REDHAT (RHSA-2008:0040): http://www.redhat.com/support/errata/RHSA-2008-0040.html
REDHAT (RHSA-2008:0038): http://www.redhat.com/support/errata/RHSA-2008-0038.html
VUPEN (ADV-2008-1071): http://www.frsirt.com/english/advisories/2008/1071/references
VUPEN (ADV-2008-0109): http://www.frsirt.com/english/advisories/2008/0109
DEBIAN (DSA-1463): http://www.debian.org/security/2008/dsa-1463
DEBIAN (DSA-1460): http://www.debian.org/security/2008/dsa-1460
SUNALERT (200559): http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
SUNALERT (103197): http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
GENTOO (GLSA-200801-15): http://security.gentoo.org/glsa/glsa-200801-15.xml
SUSE (SUSE-SA:2008:005): http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
HP (SSRT080006): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154