Vulnerability CVE-2005-1409 - CERT Civis.Net

Vulnerability Name:

CVE-2005-1409 (CCN-20401)

Assigned:

2005-05-02

Published:

2005-05-02

Updated:

2018-10-19

Summary:

PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MLIST
Type: Patch
[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found

Source: MITRE
Type: CNA
CVE-2005-1409

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:1008
Fix for several PostgreSQL vulnerabilities

Source: CCN
Type: RHSA-2005-433
postgresql security update

Source: CCN
Type: GLSA-200505-12
PostgreSQL: Multiple vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:036

Source: CCN
Type: PostgreSQL Web site
PostgreSQL

Source: CCN
Type: PostgreSQL Security Advisory 2005-05-02
PostgreSQL: News: SECURITY: Two New Problems Found

Source: CONFIRM
Type: Patch
http://www.postgresql.org/about/news.315

Source: REDHAT
Type: UNKNOWN
RHSA-2005:433

Source: FEDORA
Type: UNKNOWN
FLSA-2006:157366

Source: BID
Type: UNKNOWN
13476

Source: CCN
Type: BID-13476
PostgreSQL Character Set Conversion Privilege Escalation Vulnerability

Source: CCN
Type: TLSA-2005-62
Two vulnerabilities discovered in Postgresql

Source: CCN
Type: USN-118-1
PostgreSQL vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-0453

Source: XF
Type: UNKNOWN
postgresql-conversion-command-execute(20401)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10050

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:676

Source: SUSE
Type: SUSE-SA:2005:036
sudo: race condition arbitrary code execution

Source: SUSE
Type: SUSE-SR:2005:013
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:014
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:015
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:016
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:8.0:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:8.0:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20051409	V	CVE-2005-1409	2015-11-16
oval:org.mitre.oval:def:10050	V	PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."	2013-04-29
oval:org.mitre.oval:def:676	V	PostgreSQL Character Conversion Vulnerability	2005-08-18
oval:com.redhat.rhsa:def:20050433	P	RHSA-2005:433: postgresql security update (Moderate)	2005-06-06