Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2008:004 ] - Updated postgresql packages fix denial of service and privilege escalation issues
From: security () mandriva com
Date: Wed, 09 Jan 2008 00:59:11 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:004
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : postgresql
 Date    : January 9, 2008
 Affected: .
 _______________________________________________________________________
 
 Problem Description:
 
 Index Functions Privilege Escalation (CVE-2007-6600): as a unique
 feature, PostgreSQL allows users to create indexes on the results of
 user-defined functions, known as expression indexes. This provided
 two vulnerabilities to privilege escalation: (1) index functions were
 executed as the superuser and not the table owner during VACUUM and
 ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were
 permitted within index functions.
 
 Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067,
 CVE-2007-4769): three separate issues in the regular expression
 libraries used by PostgreSQL allowed malicious users to initiate
 a denial-of-service by passing certain regular expressions in SQL
 queries. First, users could create infinite loops using some specific
 regular expressions. Second, certain complex regular expressions
 could consume excessive amounts of memory. Third, out-of-range backref
 numbers could be used to crash the backend.
 
 DBLink Privilege Escalation (CVE-2007-6601): DBLink functions
 combined with local trust or ident authentication could be used by
 a malicious user to gain superuser privileges. This issue has been
 fixed, and does not affect users who have not installed DBLink (an
 optional module), or who are using password authentication for local
 access. This same problem was addressed in the previous release cycle
 (see CVE-2007-3278), but that patch failed to close all forms of
 the loophole.
 
 Updated packages fix these issues by upgrading to the latest
 maintenance versions of PostgreSQL.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
 _______________________________________________________________________
 
 Updated Packages:
 

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD4DBQFHhGINmqjQ0CJFipgRArA4AKDH+u4pq9AduH544AXnA2FEngGYNQCSAhVp
Xwr0HiCWhxJ8YWvBpOQ2+A==
=ytgj
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault