Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Производитель ПО
Наименование ПО
PostgreSQL
(7.4, 7.4.19, 8.0, 8.0.15, 8.1, 8.1.11, 8.2, 8.2.6)
postgresql
(Unknown)
Описание
Уязвимость в обработчике регулярных выражений в TCL при использовании в PostgreSQL позволяет пользователям, которые прошли аутентификацию и действуют удаленно, вызвать отказ в обслуживании (чрезмерное потребление ресурсов памяти), используя специально сформированное "сложное" регулярное выражение с дважды вложенными условиями.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.postgresql.org/
http://www.postgresql.org/
Ссылки
BID (27163): http://www.securityfocus.com/bid/27163
XF (postgresql-complex-expression-dos(39498)): http://xforce.iss.net/xforce/xfdb/39498
CONFIRM (http://www.postgresql.org/about/news.905): http://www.postgresql.org/about/news.905
MANDRIVA (MDVSA-2008:004): http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
VUPEN (ADV-2008-0061): http://www.frsirt.com/english/advisories/2008/0061
CONFIRM (http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894): http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
CONFIRM (http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894): http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
SECTRACK (1019157): http://securitytracker.com/id?1019157
FEDORA (FEDORA-2008-0552): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
FEDORA (FEDORA-2008-0478): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
CONFIRM (https://issues.rpath.com/browse/RPL-1768): https://issues.rpath.com/browse/RPL-1768
UBUNTU (USN-568-1): http://www.ubuntulinux.org/support/documentation/usn/usn-568-1
BUGTRAQ (20080115 rPSA-2008-0016-1 postgresql postgresql-server): http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded
BUGTRAQ (20080107 PostgreSQL 2007-01-07 Cumulative Security Release): http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded
REDHAT (RHSA-2008:0040): http://www.redhat.com/support/errata/RHSA-2008-0040.html
REDHAT (RHSA-2008:0038): http://www.redhat.com/support/errata/RHSA-2008-0038.html
VUPEN (ADV-2008-1071): http://www.frsirt.com/english/advisories/2008/1071/references
VUPEN (ADV-2008-0109): http://www.frsirt.com/english/advisories/2008/0109
DEBIAN (DSA-1463): http://www.debian.org/security/2008/dsa-1463
DEBIAN (DSA-1460): http://www.debian.org/security/2008/dsa-1460
SUNALERT (200559): http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
SUNALERT (103197): http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
GENTOO (GLSA-200801-15): http://security.gentoo.org/glsa/glsa-200801-15.xml
SUSE (SUSE-SA:2008:005): http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
HP (SSRT080006): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
XF (postgresql-complex-expression-dos(39498)): http://xforce.iss.net/xforce/xfdb/39498
CONFIRM (http://www.postgresql.org/about/news.905): http://www.postgresql.org/about/news.905
MANDRIVA (MDVSA-2008:004): http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
VUPEN (ADV-2008-0061): http://www.frsirt.com/english/advisories/2008/0061
CONFIRM (http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894): http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
CONFIRM (http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894): http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
SECTRACK (1019157): http://securitytracker.com/id?1019157
FEDORA (FEDORA-2008-0552): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
FEDORA (FEDORA-2008-0478): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
CONFIRM (https://issues.rpath.com/browse/RPL-1768): https://issues.rpath.com/browse/RPL-1768
UBUNTU (USN-568-1): http://www.ubuntulinux.org/support/documentation/usn/usn-568-1
BUGTRAQ (20080115 rPSA-2008-0016-1 postgresql postgresql-server): http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded
BUGTRAQ (20080107 PostgreSQL 2007-01-07 Cumulative Security Release): http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded
REDHAT (RHSA-2008:0040): http://www.redhat.com/support/errata/RHSA-2008-0040.html
REDHAT (RHSA-2008:0038): http://www.redhat.com/support/errata/RHSA-2008-0038.html
VUPEN (ADV-2008-1071): http://www.frsirt.com/english/advisories/2008/1071/references
VUPEN (ADV-2008-0109): http://www.frsirt.com/english/advisories/2008/0109
DEBIAN (DSA-1463): http://www.debian.org/security/2008/dsa-1463
DEBIAN (DSA-1460): http://www.debian.org/security/2008/dsa-1460
SUNALERT (200559): http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
SUNALERT (103197): http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
GENTOO (GLSA-200801-15): http://security.gentoo.org/glsa/glsa-200801-15.xml
SUSE (SUSE-SA:2008:005): http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
HP (SSRT080006): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154