OVAL Reference oval:org.mitre.oval:tst:35123

Oval Definition:

oval:org.mitre.oval:tst:35123

Comment:

postgresql-tcl is earlier than 0:8.1.11-1.el5_1.1

Type:

rpminfo_test

Namespace:

linux

Check_Existence:

at_least_one_exists

Check:

at least one

State Operator:

AND

References

Object:

oval:org.mitre.oval:obj:14486

State:

oval:org.mitre.oval:ste:10154

Referencing Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:9804	V	The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.	2013-04-29
oval:org.mitre.oval:def:10235	V	Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.	2013-04-29
oval:org.mitre.oval:def:10334	V	PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.	2013-04-29
oval:org.mitre.oval:def:10493	V	PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.	2013-04-29
oval:org.mitre.oval:def:11127	V	The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.	2013-04-29
oval:org.mitre.oval:def:11569	V	The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.	2013-04-29

BACK