Vulnerability CVE-2010-0442

Vulnerability Name:

CVE-2010-0442 (CCN-55902)

Assigned:

2010-01-27

Published:

2010-01-27

Updated:

2023-02-24

Summary:

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

CVSS v3 Severity:

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.2 Medium (REDHAT CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P)
4.4 Medium (REDHAT Temporal CVSS v2 Vector: AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2010-0442

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: Intevydis blog
PostgreSQL 8.0.23 bitsubstr overflow

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2010-0427
Moderate: postgresql security update

Source: CCN
Type: RHSA-2010-0428
Moderate: postgresql security update

Source: CCN
Type: RHSA-2010-0429
Moderate: postgresql security update

Source: CCN
Type: SECTRACK ID: 1023510
PostgreSQL Substring Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: DEBIAN
Type: DSA-2051
postgresql-8.3 -- several vulnerabilities

Source: secalert@redhat.com
Type: Broken Link
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 62129
PostgreSQL backend/utils/adt/varbit.c bitsubstr Function Remote DoS

Source: CCN
Type: PostgreSQL Web site
PostgreSQL: The world's most advanced open source database

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: BID-37973
PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability

Source: secalert@redhat.com
Type: Exploit, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: CCN
Type: USN-933-1
PostgreSQL vulnerability

Source: secalert@redhat.com
Type: Permissions Required
secalert@redhat.com

Source: secalert@redhat.com
Type: Permissions Required
secalert@redhat.com

Source: secalert@redhat.com
Type: Permissions Required
secalert@redhat.com

Source: secalert@redhat.com
Type: Permissions Required
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: XF
Type: UNKNOWN
postgresql-substring-bo(55902)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:postgresql:postgresql:8.0.23:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*

OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42425	P	Security update for dwarves and elfutils (Moderate)	2022-08-01
oval:org.opensuse.security:def:20100442	V	CVE-2010-0442	2022-05-20
oval:org.opensuse.security:def:42216	P	Security update for slirp4netns (Moderate)	2022-03-24
oval:org.opensuse.security:def:26165	P	Security update for libarchive (Moderate)	2021-11-17
oval:org.opensuse.security:def:31702	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:26162	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:31288	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26144	P	Security update for libqt5-qtsvg (Moderate)	2021-10-11
oval:org.opensuse.security:def:32199	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:31277	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:26135	P	Security update for hivex (Moderate)	2021-09-23
oval:org.opensuse.security:def:32191	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:32981	P	Security update for fetchmail (Moderate)	2021-08-18
oval:org.opensuse.security:def:26105	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:26101	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:32150	P	Security update for the Linux Kernel (Important)	2021-07-22
oval:org.opensuse.security:def:26090	P	Security update for systemd (Moderate)	2021-07-20
oval:org.opensuse.security:def:26089	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:31643	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:26077	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:32942	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:42678	P	postgresql-8.3.23-0.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36540	P	postgresql-devel-8.3.23-0.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36271	P	postgresql-8.3.23-0.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32104	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:32094	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:26038	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:26024	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:31749	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:31362	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31738	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:31737	P	Security update for python-cryptography (Important)	2021-03-02
oval:org.opensuse.security:def:26197	P	Security update for postgresql13 (Moderate)	2021-02-22
oval:org.opensuse.security:def:31730	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:32260	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:32238	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:26091	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:32096	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:31276	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:31570	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:35809	P	postgresql-8.3.14-0.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36018	P	postgresql-8.3.23-0.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25701	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:27269	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25644	P	Security update for taglib (Low)	2020-12-01
oval:org.opensuse.security:def:31942	P	Security update for gnome-session (Moderate)	2020-12-01
oval:org.opensuse.security:def:27234	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25563	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:31886	P	Security update for ed (Low)	2020-12-01
oval:org.opensuse.security:def:26596	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25435	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:26552	P	g3utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25371	P	Security update for python-ipaddress (Important)	2020-12-01
oval:org.opensuse.security:def:26538	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33234	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25360	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:31586	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:26499	P	Security update for chromium, re2 (Important)	2020-12-01
oval:org.opensuse.security:def:33195	P	libxslt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25359	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:31494	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:32557	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32513	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25993	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32491	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25909	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32452	P	Security update for xerces-j2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27538	P	postgresql-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25852	P	Security update for flash-playerqemu (Important)	2020-12-01
oval:org.opensuse.security:def:27503	P	libwsman-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25771	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26865	P	apache2-mod_php53 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25643	P	Security update for hunspell (Low)	2020-12-01
oval:org.opensuse.security:def:31938	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:26821	P	squid3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25579	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31851	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:26807	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25568	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26768	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26808	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25567	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26450	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26773	P	libxcrypt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26397	P	Security update for plasma5-workspace (Important)	2020-12-01
oval:org.opensuse.security:def:31496	P	Security update for python-imaging	2020-12-01
oval:org.opensuse.security:def:26246	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31485	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:32773	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31484	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:32403	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:32734	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32347	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25896	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:32052	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25832	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32030	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25821	P	Security update for lhasa (Moderate)	2020-12-01
oval:org.opensuse.security:def:32047	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31991	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27016	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25820	P	Security update for xerces-c (Moderate)	2020-12-01
oval:org.opensuse.security:def:31955	P	Security update for gstreamer-0_10-plugins-good (Important)	2020-12-01
oval:org.opensuse.security:def:26719	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26981	P	libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31823	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:26666	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26343	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:26515	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26299	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26431	P	Security update for tor (Moderate)	2020-12-01
oval:org.opensuse.security:def:26285	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:26374	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26293	P	Security update for raptor (Important)	2020-12-01
oval:org.opensuse.security:def:25989	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32304	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:25936	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25785	P	Security update for flash-player (Critical)	2020-12-01
oval:org.mitre.oval:def:13207	P	USN-933-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability	2014-06-30
oval:org.mitre.oval:def:13636	P	DSA-2051-1 postgresql-8.3 -- several	2014-06-23
oval:org.mitre.oval:def:11655	P	DSA-2051 postgresql-8.3 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22939	P	ELSA-2010:0429: postgresql security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21774	P	RHSA-2010:0429: postgresql security update (Moderate)	2014-02-24
oval:org.mitre.oval:def:9720	V	The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."	2013-04-29
oval:org.debian:def:2051	V	several vulnerabilities	2010-05-24
oval:com.redhat.rhsa:def:20100427	P	RHSA-2010:0427: postgresql security update (Moderate)	2010-05-19
oval:com.redhat.rhsa:def:20100428	P	RHSA-2010:0428: postgresql security update (Moderate)	2010-05-19
oval:com.redhat.rhsa:def:20100429	P	RHSA-2010:0429: postgresql security update (Moderate)	2010-05-19

BACK