Vulnerability Name: CVE-2007-0555 (CCN-32195)

Assigned: 2007-02-05
Published: 2007-02-05
Updated: 2023-01-19
Summary: PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
CVSS v3 Severity: 4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): Low
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity: 8.5 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C)
6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): None
  Availability (A): Complete
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): Partial
Vulnerability Consequences: Obtain Information
References:
Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: MITRE
Type: CNA
CVE-2007-0555

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: CCN
Type: RHSA-2007-0064
Moderate: postgresql security update

Source: CCN
Type: RHSA-2007-0067
Moderate: postgresql security update

Source: CCN
Type: RHSA-2007-0068
Moderate: postgresql security update

Source: CCN
Type: SA24033
PostgreSQL Denial of Service and Information Disclosure

Source: CCN
Type: SA24315
Solaris PostgreSQL Denial of Service and Information Disclosure

Source: CCN
Type: SA24577
Avaya Products PostgreSQL Denial of Service and Information Disclosure

Source: CCN
Type: SECTRACK ID: 1017597
PostgreSQL Data Type Check Bypass and Table Column Modification Bugs Let Remote Users Deny Service

Source: cve@mitre.org
Type: Third Party Advisory, VDB Entry
cve@mitre.org

Source: CCN
Type: Sun Alert ID: 102825
Two Security Vulnerabilities in PostgreSQL May Allow Denial of Service or Information Leakage

Source: CCN
Type: ASA-2007-107
Two Security Vulnerabilities in PostgreSQL May Allow Denial of Service or Information Leakage (Sun 102825)

Source: CCN
Type: ASA-2007-116
postgresql security update (RHSA-2007-0064)

Source: CCN
Type: ASA-2007-117
postgresql security update (RHSA-2007-0067)

Source: DEBIAN
Type: DSA-1261
postgresql -- several vulnerabilities

Source: CCN
Type: GLSA-200703-15
PostgreSQL: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 33087
PostgreSQL Function Argument Data Type Check Bypass

Source: CCN
Type: PostgreSQL Web site
PostgreSQL: Security Information

Source: cve@mitre.org
Type: Vendor Advisory
cve@mitre.org

Source: CCN
Type: BID-22387
PostgreSQL Information Disclosure and Denial of Service Vulnerabilities

Source: CCN
Type: TLSA-2007-10
PostgreSQL denial of service attack

Source: CCN
Type: USN-417-1
PostgreSQL vulnerabilities

Source: CCN
Type: USN-417-2
PostgreSQL regression

Source: CCN
Type: USN-417-3
PostgreSQL regression

Source: XF
Type: UNKNOWN
postgresql-sqlfunctions-info-disclosure(32195)

Source: SUSE
Type: SUSE-SR:2007:010
SUSE Security Summary Report

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
  AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20070555 | V | CVE-2007-0555 | 2015-11-16
oval:org.mitre.oval:def:22160 | P | ELSA-2007:0068: postgresql security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:9739 | V | PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. | 2013-04-29
oval:com.redhat.rhsa:def:20070068 | P | RHSA-2007:0068: postgresql security update (Moderate) | 2008-03-20
oval:org.debian:def:1261 | V | several vulnerabilities | 2007-02-15
oval:com.redhat.rhsa:def:20070064 | P | RHSA-2007:0064: postgresql security update (Moderate) | 2007-02-07