National Cyber Awareness System

Vulnerability Summary for CVE-2007-6067

Overview

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 27163

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/27163

External Source: XF

Name: postgresql-complex-expression-dos(39498)

Hyperlink:http://xforce.iss.net/xforce/xfdb/39498

External Source: VUPEN

Name: ADV-2008-1071

Hyperlink:http://www.vupen.com/english/advisories/2008/1071/references

External Source: VUPEN

Name: ADV-2008-0109

Hyperlink:http://www.vupen.com/english/advisories/2008/0109

External Source: VUPEN

Name: ADV-2008-0061

Hyperlink:http://www.vupen.com/english/advisories/2008/0061

External Source: CONFIRM

Name: http://www.postgresql.org/about/news.905

Hyperlink:http://www.postgresql.org/about/news.905

External Source: MANDRIVA

Name: MDVSA-2008:004

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:004

External Source: CONFIRM

Name: http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

Hyperlink:http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894

External Source: CONFIRM

Name: http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

Hyperlink:http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894

External Source: SECTRACK

Name: 1019157

Hyperlink:http://securitytracker.com/id?1019157

External Source: SECUNIA

Name: 28359

Type: Advisory

Hyperlink:http://secunia.com/advisories/28359

External Source: REDHAT

Name: RHSA-2013:0122

Hyperlink:http://rhn.redhat.com/errata/RHSA-2013-0122.html

External Source: OVAL

Name: oval:org.mitre.oval:def:10235

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10235

External Source: HP

Name: HPSBTU02325

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

External Source: FEDORA

Name: FEDORA-2008-0552

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

External Source: FEDORA

Name: FEDORA-2008-0478

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1768

Hyperlink:https://issues.rpath.com/browse/RPL-1768

External Source: UBUNTU

Name: USN-568-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-568-1

External Source: BUGTRAQ

Name: 20080115 rPSA-2008-0016-1 postgresql postgresql-server

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded

External Source: BUGTRAQ

Name: 20080107 PostgreSQL 2007-01-07 Cumulative Security Release

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded

External Source: REDHAT

Name: RHSA-2008:0040

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0040.html

External Source: REDHAT

Name: RHSA-2008:0038

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0038.html

External Source: DEBIAN

Name: DSA-1463

Hyperlink:http://www.debian.org/security/2008/dsa-1463

External Source: DEBIAN

Name: DSA-1460

Hyperlink:http://www.debian.org/security/2008/dsa-1460

External Source: SUNALERT

Name: 200559

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

External Source: SUNALERT

Name: 103197

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

External Source: GENTOO

Name: GLSA-200801-15

Hyperlink:http://security.gentoo.org/glsa/glsa-200801-15.xml

External Source: SECUNIA

Name: 29638

Hyperlink:http://secunia.com/advisories/29638

External Source: SECUNIA

Name: 28698

Hyperlink:http://secunia.com/advisories/28698

External Source: SECUNIA

Name: 28679

Hyperlink:http://secunia.com/advisories/28679

External Source: SECUNIA

Name: 28479

Hyperlink:http://secunia.com/advisories/28479

External Source: SECUNIA

Name: 28477

Hyperlink:http://secunia.com/advisories/28477

External Source: SECUNIA

Name: 28464

Hyperlink:http://secunia.com/advisories/28464

External Source: SECUNIA

Name: 28455

Hyperlink:http://secunia.com/advisories/28455

External Source: SECUNIA

Name: 28454

Hyperlink:http://secunia.com/advisories/28454

External Source: SECUNIA

Name: 28438

Hyperlink:http://secunia.com/advisories/28438

External Source: SECUNIA

Name: 28437

Hyperlink:http://secunia.com/advisories/28437

External Source: SECUNIA

Name: 28376

Hyperlink:http://secunia.com/advisories/28376

External Source: SUSE

Name: SUSE-SA:2008:005

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

External Source: HP

Name: HPSBTU02325

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

References to Check Content

Identifier:oval:org.mitre.oval:def:10235

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10235