EnterpriseDB Advanced Server Uninitialized Pointer Vulnerability

Bugtraq ID:	25481
Class:	Design Error
CVE:	CVE-2007-4639
Remote:	Yes
Local:	No
Published:	Aug 29 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Joxean Koret is credited with the discovery of this issue.
Vulnerable:	EnterpriseDB EnterpriseDB Advanced Server 8.2
Not Vulnerable:

EnterpriseDB Advanced Server Uninitialized Pointer Vulnerability

EnterpriseDB Advanced Server is prone to an uninitialized-pointer vulnerability.

Authenticated attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this vulnerability, remote code execution may also be possible, but this has not been confirmed.

EnterpriseDB Advanced Server 8.2 is vulnerable; other versions may also be affected.

EnterpriseDB Advanced Server Uninitialized Pointer Vulnerability

The following proof-of-concept information is available:

• /data/vulnerabilities/exploits/25481.txt

EnterpriseDB Advanced Server Uninitialized Pointer Vulnerability

Solution:
Reports indicate that the vendor released a patch addressing this issue, but this has not been confirmed. Please see the references and contact the vendor for more information.

EnterpriseDB Advanced Server Uninitialized Pointer Vulnerability

References:

• Vendor Homepage (EnterpriseDB)
  
• EnterpriseDB Advanced Server 8.2 Unitialized Pointer (Joxean Koret)