Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[UNIX] PostgreSQL Cumulative Security Release (2007-01-07)

from [SecuriTeam] Network Security [Permanent Link]
Subject: [UNIX] PostgreSQL Cumulative Security Release (2007-01-07)
Date: 7 Jan 2008 20:44:03 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  PostgreSQL Cumulative Security Release (2007-01-07)
------------------------------------------------------------------------


SUMMARY

Today the PostgreSQL Global Development Group is releasing updated 
versions which patch five security vulnerabilities. These releases update 
all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and 7.3. 
They are considered CRITICAL and PostgreSQL DBAs and sysadmins should 
install the update as soon as they reasonably can. Our security team has 
made all efforts to make these patches backwards-compatible, and upgrading 
does not require converting your data files.

Please read the remainder of this message for further important details 
and announcements.

DETAILS

Vulnerable Systems:
 * PostgreSQL version 8.2
 * PostgreSQL version 8.1
 * PostgreSQL version 8.0
 * PostgreSQL version 7.4
 * PostgreSQL version 7.3

Immune Systems:
 * PostgreSQL version 8.2.6
 * PostgreSQL version 8.1.11
 * PostgreSQL version 8.0.15
 * PostgreSQL version 7.4.19
 * PostgreSQL version 7.3.21

There are five security fixes included in this release. None of these 
issues are known to have been exploited in the field; they were discovered 
through security analysis.

Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, 
PostgreSQL allows users to create indexes on the results of user-defined 
functions, known as "expression indexes". This provided two 
vulnerabilities to privilege escalation: (1) index functions were executed 
as the superuser and not the table owner during VACUUM and ANALYZE, and 
(2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within 
index functions. Both of these holes have now been closed.

Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, 
CVE-2007-4769): three separate issues in the regular expression libraries 
used by PostgreSQL allowed malicious users to initiate a denial-of-service 
by passing certain regular expressions in SQL queries. First, users could 
create infinite loops using some specific regular expressions. Second, 
certain complex regular expressions could consume excessive amounts of 
memory. Third, out-of-range backref numbers could be used to crash the 
backend. All of these issues have been patched.

DBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined 
with local trust or ident authentication could be used by a malicious user 
to gain superuser privileges. This issue has been fixed, and does not 
affect users who have not installed DBLink (an optional module), or who 
are using password authentication for local access. This same problem was 
addressed in the previous release cycle (see CVE-2007-3278), but that 
patch failed to close all forms of the loophole.

Download and Install
PostgreSQL minor releases 8.2.6, 8.1.11, 8.0.15, 7.4.19 and 7.3.21 are 
available through our FTP mirror network:
Source Code:  <http://www.postgresql.org/ftp/source/> 
http://www.postgresql.org/ftp/source/
Binaries for some platforms:  <http://www.postgresql.org/ftp/binary/> 
http://www.postgresql.org/ftp/binary/

If you need additional information on the included updates, it's available 
in our Release Notes ( 
<http://www.postgresql.org/docs/current/static/release.html> 
http://www.postgresql.org/docs/current/static/release.html). These 
upgrades can be copied directly over existing PostgreSQL binaries and do 
not require dump-and-reload for any system which has been updated in the 
last six months (older versions may require some specific post-update 
steps; see the release notes).

As always, PostgreSQL update releases are cumulative. All security fixes 
will be included in the upcoming version 8.3 release candidate. This 
notice will be posted to the PostgreSQL security page:  
<http://www.postgresql.org/support/security> 
http://www.postgresql.org/support/security


ADDITIONAL INFORMATION

The information has been provided by  <mailto:josh@agliodbs.com> Josh 
Berkus.
The original article can be found at:  
<http://www.postgresql.org/support/security> 
http://www.postgresql.org/support/security



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [UNIX] PostgreSQL Cumulative Security Release (2007-01-07), SecuriTeam <=
Previous by Date:  [REVS] Exploiting WDM Audio Drivers, SecuriTeam
Next by Date:  [NT] Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability, SecuriTeam
Previous by Thread:  [REVS] Exploiting WDM Audio Drivers, SecuriTeam
Next by Thread:  [NT] Motorola netOctopus Agent MSR Write Privilege Escalation Vulnerability, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]