[gentoo-announce] [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities - gentoo-announce

From:	Raphael Marichez <falco@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200801-15 ] PostgreSQL: Multiple vulnerabilities
Date:	Tue, 29 Jan 2008 09:44:42
Message-Id:	`20080129094131.GA2585@falco.falcal.net`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200801-15

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: High

8

     Title: PostgreSQL: Multiple vulnerabilities

9

      Date: January 29, 2008

10

      Bugs: #204760

11

        ID: 200801-15

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

PostgreSQL contains multiple vulnerabilities that could result in

19

privilege escalation or a Denial of Service.

20

21

Background

22

==========

23

24

PostgreSQL is an open source object-relational database management

25

system.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package            /  Vulnerable  /                    Unaffected

32

    -------------------------------------------------------------------

33

  1  dev-db/postgresql      < 8.0.15                         >= 8.0.15

34

                                                            *>= 7.4.19

35

                                                            *>= 7.3.21

36

37

Description

38

===========

39

40

If using the "expression indexes" feature, PostgreSQL executes index

41

functions as the superuser during VACUUM and ANALYZE instead of the

42

table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the

43

index functions (CVE-2007-6600). Additionally, several errors involving

44

regular expressions were found (CVE-2007-4769, CVE-2007-4772,

45

CVE-2007-6067). Eventually, a privilege escalation vulnerability via

46

unspecified vectors in the DBLink module was reported (CVE-2007-6601).

47

This vulnerability is exploitable when local trust or ident

48

authentication is used, and is due to an incomplete fix of

49

CVE-2007-3278.

50

51

Impact

52

======

53

54

A remote authenticated attacker could send specially crafted queries

55

containing complex regular expressions to the server that could result

56

in a Denial of Service by a server crash (CVE-2007-4769), an infinite

57

loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two

58

other vulnerabilities can be exploited to gain additional privileges.

59

60

Workaround

61

==========

62

63

There is no known workaround for all these issues at this time.

64

65

Resolution

66

==========

67

68

All PostgreSQL users should upgrade to the latest version:

69

70

    # emerge --sync

71

    # emerge --ask --oneshot --verbose "dev-db/postgresql"

72

73

References

74

==========

75

76

  [ 1 ] CVE-2007-3278

77

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278

78

  [ 2 ] CVE-2007-4769

79

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769

80

  [ 3 ] CVE-2007-4772

81

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772

82

  [ 4 ] CVE-2007-6067

83

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067

84

  [ 5 ] CVE-2007-6600

85

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600

86

  [ 6 ] CVE-2007-6601

87

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601

88

89

Availability

90

============

91

92

This GLSA and any updates to it are available for viewing at

93

the Gentoo Security Website:

94

95

  http://security.gentoo.org/glsa/glsa-200801-15.xml

96

97

Concerns?

98

=========

99

100

Security is a primary focus of Gentoo Linux and ensuring the

101

confidentiality and security of our users machines is of utmost

102

importance to us. Any security concerns should be addressed to

103

security@g.o or alternatively, you may file a bug at

104

http://bugs.gentoo.org.

105

106

License

107

=======

108

109

Copyright 2008 Gentoo Foundation, Inc; referenced text

110

belongs to its owner(s).

111

112

The contents of this document are licensed under the

113

Creative Commons - Attribution / Share Alike license.

114

115

http://creativecommons.org/licenses/by-sa/2.5

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200801-15
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: PostgreSQL: Multiple vulnerabilities
9	Date: January 29, 2008
10	Bugs: #204760
11	ID: 200801-15
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	PostgreSQL contains multiple vulnerabilities that could result in
19	privilege escalation or a Denial of Service.
20
21	Background
22	==========
23
24	PostgreSQL is an open source object-relational database management
25	system.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 dev-db/postgresql < 8.0.15 >= 8.0.15
34	*>= 7.4.19
35	*>= 7.3.21
36
37	Description
38	===========
39
40	If using the "expression indexes" feature, PostgreSQL executes index
41	functions as the superuser during VACUUM and ANALYZE instead of the
42	table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the
43	index functions (CVE-2007-6600). Additionally, several errors involving
44	regular expressions were found (CVE-2007-4769, CVE-2007-4772,
45	CVE-2007-6067). Eventually, a privilege escalation vulnerability via
46	unspecified vectors in the DBLink module was reported (CVE-2007-6601).
47	This vulnerability is exploitable when local trust or ident
48	authentication is used, and is due to an incomplete fix of
49	CVE-2007-3278.
50
51	Impact
52	======
53
54	A remote authenticated attacker could send specially crafted queries
55	containing complex regular expressions to the server that could result
56	in a Denial of Service by a server crash (CVE-2007-4769), an infinite
57	loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two
58	other vulnerabilities can be exploited to gain additional privileges.
59
60	Workaround
61	==========
62
63	There is no known workaround for all these issues at this time.
64
65	Resolution
66	==========
67
68	All PostgreSQL users should upgrade to the latest version:
69
70	# emerge --sync
71	# emerge --ask --oneshot --verbose "dev-db/postgresql"
72
73	References
74	==========
75
76	[ 1 ] CVE-2007-3278
77	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278
78	[ 2 ] CVE-2007-4769
79	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769
80	[ 3 ] CVE-2007-4772
81	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772
82	[ 4 ] CVE-2007-6067
83	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067
84	[ 5 ] CVE-2007-6600
85	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600
86	[ 6 ] CVE-2007-6601
87	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601
88
89	Availability
90	============
91
92	This GLSA and any updates to it are available for viewing at
93	the Gentoo Security Website:
94
95	http://security.gentoo.org/glsa/glsa-200801-15.xml
96
97	Concerns?
98	=========
99
100	Security is a primary focus of Gentoo Linux and ensuring the
101	confidentiality and security of our users machines is of utmost
102	importance to us. Any security concerns should be addressed to
103	security@g.o or alternatively, you may file a bug at
104	http://bugs.gentoo.org.
105
106	License
107	=======
108
109	Copyright 2008 Gentoo Foundation, Inc; referenced text
110	belongs to its owner(s).
111
112	The contents of this document are licensed under the
113	Creative Commons - Attribution / Share Alike license.
114
115	http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce