Vulnerability Name:

CVE-2006-5541 (CCN-29809)

Assigned: 2006-10-16
Published: 2006-10-16
Updated: 2017-10-11
Summary: backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY.
CVSS v3 Severity: 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2006-5541

Source: CONFIRM
Type: UNKNOWN
http://projects.commandprompt.com/public/pgsql/changeset/26457

Source: CCN
Type: RHSA-2007-0067
Moderate: postgresql security update

Source: CCN
Type: RHSA-2007-0068
Moderate: postgresql security update

Source: CCN
Type: SA22562
PostgreSQL Denial of Service Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
22562

Source: SECUNIA
Type: Vendor Advisory
22584

Source: SECUNIA
Type: UNKNOWN
22606

Source: SECUNIA
Type: UNKNOWN
22636

Source: SECUNIA
Type: UNKNOWN
23048

Source: SECUNIA
Type: UNKNOWN
23132

Source: CCN
Type: SA24577
Avaya Products PostgreSQL Denial of Service and Information Disclosure

Source: SECUNIA
Type: UNKNOWN
24577

Source: CCN
Type: SECTRACK ID: 1017115
PostgreSQL Processing Bugs Let Remote Authenticated Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1017115

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm

Source: CCN
Type: ASA-2007-117
postgresql security update (RHSA-2007-0067)

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:194

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:027

Source: CCN
Type: PostgreSQL Web site
New PostgreSQL Minor Versions Released

Source: CONFIRM
Type: Patch
http://www.postgresql.org/about/news.664

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0067

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0068

Source: BID
Type: Patch
20717

Source: CCN
Type: BID-20717
PostgreSQL Multiple Local Denial of Service Vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2006-0059

Source: CCN
Type: TLSA-2006-36
postgresql denial of service attack

Source: CCN
Type: USN-369-1
PostgreSQL vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-369-1

Source: CCN
Type: USN-369-2
PostgreSQL vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-369-2

Source: VUPEN
Type: UNKNOWN
ADV-2006-4182

Source: XF
Type: UNKNOWN
postgresql-anyarray-dos(29809)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10905

Source: SUSE
Type: SUSE-SR:2006:027
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20065541 | V | CVE-2006-5541 | 2015-11-16
    oval:org.mitre.oval:def:22160 | P | ELSA-2007:0068: postgresql security update (Moderate) | 2014-05-26
    oval:org.mitre.oval:def:10905 | V | backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. | 2013-04-29
    oval:com.redhat.rhsa:def:20070068 | P | RHSA-2007:0068: postgresql security update (Moderate) | 2008-03-20
    postgresql postgresql 7.4.1
    postgresql postgresql 7.4.2
    postgresql postgresql 7.4.3
    postgresql postgresql 7.4.4
    postgresql postgresql 7.4.5
    postgresql postgresql 7.4.6
    postgresql postgresql 7.4.7
    postgresql postgresql 7.4.8
    postgresql postgresql 7.4.9
    postgresql postgresql 7.4.10
    postgresql postgresql 7.4.11
    postgresql postgresql 7.4.12
    postgresql postgresql 7.4.13
    postgresql postgresql 7.4.14
    postgresql postgresql 8.0
    postgresql postgresql 8.0.1
    postgresql postgresql 8.0.2
    postgresql postgresql 8.0.3
    postgresql postgresql 8.0.4
    postgresql postgresql 8.0.5
    postgresql postgresql 8.0.6
    postgresql postgresql 8.0.7
    postgresql postgresql 8.0.8
    postgresql postgresql 8.1
    postgresql postgresql 8.1.1
    postgresql postgresql 8.1.2
    postgresql postgresql 8.1.3
    postgresql postgresql 8.1.4
    postgresql postgresql 7.4.3
    postgresql postgresql 8.0
    postgresql postgresql 8.1
    postgresql postgresql 7.4.1
    postgresql postgresql 7.4.2
    postgresql postgresql 7.4.4
    postgresql postgresql 7.4.5
    postgresql postgresql 7.4.6
    postgresql postgresql 7.4.7
    postgresql postgresql 8.0.1
    postgresql postgresql 8.0.2
    postgresql postgresql 8.0.5
    postgresql postgresql 8.0.4
    postgresql postgresql 8.0.3
    postgresql postgresql 8.1.1
    postgresql postgresql 8.1.2
    postgresql postgresql 8.0.6
    postgresql postgresql 7.4.11
    postgresql postgresql 7.4.10
    postgresql postgresql 7.4.9
    postgresql postgresql 7.4.8
    postgresql postgresql 8.1.3
    postgresql postgresql 8.0.7
    postgresql postgresql 7.4.12
    postgresql postgresql 8.1.4
    postgresql postgresql 8.0.8
    postgresql postgresql 7.4.14
    postgresql postgresql 7.4.13
    freebsd freebsd *
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 5