PostgreSQL TSearch2 Design Error Vulnerability
BID:13475
Info
| Bugtraq ID: | 13475 |
| Class: | Design Error |
| CVE: | CVE-2005-1410 |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2005 12:00AM |
| Updated: | Feb 28 2007 04:06PM |
| Credit: | The vendor announced this issue. |
| Vulnerable: | Trustix Secure Enterprise Linux 2.0; SGI ProPack 3.0; SGI Advanced Linux Environment 3.0; Redhat Linux 9.0 i386; Redhat Fedora Core2; Redhat Fedora Core1; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux WS 3; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux ES 3; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux AS 3; Redhat Desktop 4.0; Redhat Desktop 3.0; PostgreSQL PostgreSQL 8.0.2; PostgreSQL PostgreSQL 8.0.1; PostgreSQL PostgreSQL 8.0; PostgreSQL PostgreSQL 7.4.7; PostgreSQL PostgreSQL 7.4.6; PostgreSQL PostgreSQL 7.4.5; PostgreSQL PostgreSQL 7.4.3; PostgreSQL PostgreSQL 7.4; Gentoo Linux |
| Not Vulnerable: | |
Discussion
The PostgreSQL 'contrib/tsearch2' module is prone to a security vulnerability. The issue occurs because the module doesn't correctly declare several functions.
Although unconfirmed, presumably this issue allows a remote user who can write SQL queries to the affected database to call these functions, which shouldn't be accessible directly from SQL commands.
This vulnerability affects PostgreSQL 7.4 and later.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Please see the referenced vendor advisories for details on obtaining and applying fixes.
PostgreSQL PostgreSQL 7.4.5
- Ubuntu libecpg-dev_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu libecpg-dev_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu libecpg-dev_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.5_powerpc.deb
- Ubuntu libecpg4_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.5_amd64.deb-dev_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu libecpg4_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu libecpg4_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.5_powerpc.deb
- Ubuntu libpgtcl-dev_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu libpgtcl-dev_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu libpgtcl-dev_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.5_powerpc.deb
- Ubuntu libpgtcl_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu libpgtcl_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu libpgtcl_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.5_powerpc.deb
- Ubuntu libpq3_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu libpq3_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu libpq3_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.5_powerpc.deb
- Ubuntu postgresql-client_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu postgresql-client_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu postgresql-client_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.5_powerpc.deb
- Ubuntu postgresql-contrib_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu postgresql-contrib_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu postgresql-contrib_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.5_powerpc.deb
- Ubuntu postgresql-dev_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu postgresql-dev_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu postgresql-dev_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.5_powerpc.deb
- Ubuntu postgresql-doc_7.4.5-3ubuntu0.5_all.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-doc_7.4.5-3ubuntu0.5_all.deb
- Ubuntu postgresql_7.4.5-3ubuntu0.5_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.5_amd64.deb
- Ubuntu postgresql_7.4.5-3ubuntu0.5_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.5_i386.deb
- Ubuntu postgresql_7.4.5-3ubuntu0.5_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.5_powerpc.deb
PostgreSQL PostgreSQL 7.4.7
- Ubuntu libecpg-dev_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu libecpg-dev_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu libecpg-dev_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.7-2ubuntu2.1_powerpc.deb
- Ubuntu libecpg4_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu libecpg4_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu libecpg4_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.7-2ubuntu2.1_powerpc.deb
- Ubuntu libpgtcl-dev_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu libpgtcl-dev_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu libpgtcl-dev_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.7-2ubuntu2.1_powerpc.deb
- Ubuntu libpgtcl_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu libpgtcl_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu libpgtcl_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.7-2ubuntu2.1_powerpc.deb
- Ubuntu libpq3_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu libpq3_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu libpq3_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.7-2ubuntu2.1_powerpc.deb
- Ubuntu postgresql-client_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu postgresql-client_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu postgresql-client_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.7-2ubuntu2.1_powerpc.deb
- Ubuntu postgresql-contrib_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu postgresql-contrib_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu postgresql-contrib_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.7-2ubuntu2.1_powerpc.deb
- Ubuntu postgresql-dev_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu postgresql-dev_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu postgresql-dev_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.7-2ubuntu2.1_powerpc.deb
- Ubuntu postgresql-doc_7.4.7-2ubuntu2.1_all.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-doc_7.4.7-2ubuntu2.1_all.deb
- Ubuntu postgresql_7.4.7-2ubuntu2.1_amd64.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7-2ubuntu2.1_amd64.deb
- Ubuntu postgresql_7.4.7-2ubuntu2.1_i386.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7-2ubuntu2.1_i386.deb
- Ubuntu postgresql_7.4.7-2ubuntu2.1_powerpc.deb
  Ubuntu 5.04 (Hoary Hedgehog):
  http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.7-2ubuntu2.1_powerpc.deb
References
- PostgreSQL Project Homepage (PostgreSQL)
- RHSA-2005:433-17 : postgresql security update (RedHat)
- SECURITY: Two New Problems Found (PostgreSQL)