Vulnerability DatabaseCVE-2007-0556
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2007-0556
February 06, 2007
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
Related Resources (35)
http://www.securityfocus.com/archive/1/459280/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353
http://www.redhat.com/support/errata/RHSA-2007-0068.html
http://www.securityfocus.com/bid/22387
http://www.postgresql.org/support/security
http://osvdb.org/33302
http://secunia.com/advisories/24513
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1
https://usn.ubuntu.com/417-1/
http://secunia.com/advisories/24057
http://www.mandriva.com/security/advisories?name=MDKSA-2007:037
http://secunia.com/advisories/25220
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-0556
http://secunia.com/advisories/24315
https://issues.rpath.com/browse/RPL-1025
http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html
http://security.gentoo.org/glsa/glsa-200703-15.xml
http://secunia.com/advisories/24577
http://secunia.com/advisories/24151
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
http://secunia.com/advisories/24050
http://secunia.com/advisories/24028
http://www.securityfocus.com/archive/1/459448/100/0/threaded
http://fedoranews.org/cms/node/2554
http://secunia.com/advisories/24033
http://securitytracker.com/id?1017597
http://www.vupen.com/english/advisories/2007/0774
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-417-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/32191
https://issues.rpath.com/browse/RPL-830
http://www.novell.com/linux/security/advisories/2007_10_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0067.html
http://secunia.com/advisories/24042
http://www.vupen.com/english/advisories/2007/0478
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
HIGH
CVSS v2
Base Score:
6.6
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
EPSS
Base Score:
1.49