Vulnerability Name:

CVE-2005-1410 (CCN-20402)

Assigned:2005-05-02
Published:2005-05-02
Updated:2018-10-19
Summary:The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MLIST
Type: Patch
[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found

Source: MITRE
Type: CNA
CVE-2005-1410

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:1008
Fix for several PostgreSQL vulnerabilities

Source: CCN
Type: RHSA-2005-433
postgresql security update

Source: CCN
Type: GLSA-200505-12
PostgreSQL: Multiple vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:036

Source: CCN
Type: PostgreSQL Web site
PostgreSQL

Source: CCN
Type: PostgreSQL Security Advisory 2005-05-02
PostgreSQL: News: SECURITY: Two New Problems Found

Source: CONFIRM
Type: Patch
http://www.postgresql.org/about/news.315

Source: REDHAT
Type: UNKNOWN
RHSA-2005:433

Source: FEDORA
Type: UNKNOWN
FLSA-2006:157366

Source: BID
Type: Patch
13475

Source: CCN
Type: BID-13475
PostgreSQL TSearch2 Design Error Vulnerability

Source: CCN
Type: TLSA-2005-62
Two vulnerabilities discovered in Postgresql

Source: CCN
Type: USN-118-1
PostgreSQL vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-0453

Source: XF
Type: UNKNOWN
postgresql-tsearch2-dos(20402)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1086

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9343

Source: SUSE
Type: SUSE-SA:2005:036
sudo: race condition arbitrary code execution

Source: SUSE
Type: SUSE-SR:2005:013
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:014
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:015
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:016
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20051410
    V
    		CVE-2005-1410
    2015-11-16
    oval:org.mitre.oval:def:9343
    V
    		The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.
    2013-04-29
    oval:org.mitre.oval:def:1086
    V
    		PostgreSQL tsearch2 "internal" Functions Vulnerability
    2005-08-18
    oval:com.redhat.rhsa:def:20050433
    P
    		RHSA-2005:433: postgresql security update (Moderate)
    2005-06-06
    BACK
    postgresql postgresql 7.4
    postgresql postgresql 7.4.3
    postgresql postgresql 7.4.5
    postgresql postgresql 7.4.6
    postgresql postgresql 7.4.7
    postgresql postgresql 8.0
    postgresql postgresql 8.0.1
    postgresql postgresql 8.0.2
    trustix secure linux 2.0
    postgresql postgresql 7.4.3
    postgresql postgresql 8.0
    postgresql postgresql 7.4
    postgresql postgresql 7.4.5
    postgresql postgresql 7.4.6
    postgresql postgresql 7.4.7
    postgresql postgresql 8.0.1
    postgresql postgresql 8.0.2
    gentoo linux *
    suse suse linux 8.2
    suse suse linux 9.0
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    redhat enterprise linux 3
    conectiva linux 10
    suse suse linux 9.2
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.3