|
 |
|
PostgreSQL Multiple Connections Denial of Service Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA18419
|
|
|
Release Date:
|
2006-01-12
|
|
Last Update:
|
2006-02-20
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
DoS
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | PostgreSQL 8.x
|
| | CVE reference: | CVE-2006-0105 (Secunia mirror)
CVE-2006-0591 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability and a weakness has been reported in PostgreSQL, which potentially can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).
1) An error exists in the handling of multiple concurrent connections. This can be exploited to shutdown the postmaster process.
Successful exploitation causes a situation where new connections can't be established until the service is manually restarted.
The vulnerability has been reported in versions 8.0.0 through 8.0.5 and 8.1.0 through 8.1.1. This only affects the Microsoft Windows platform.
2) Signedness errors in the cryptographic library may increase the probability that certain password hashes are generated using the same salt.
For more information:
SA18772
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to version 8.0.6 or 8.1.2.
http://www.postgresql.org/ftp/
Provided and/or discovered by:
1) The vendor credits Yoshiyuki Asaba.
Changelog:
2006-02-09: Updated "Description", "Other References" sections and added CVE reference.
2006-02-20: Updated "Description" section.
Original Advisory:
http://archives.postgresql.org/pgsql-announce/2006-01/msg00001.php
Other References:
SA18772:
http://secunia.com/advisories/18772/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
8 Related Secunia Security Advisories
|
|
|
1. PostgreSQL Multiple Vulnerabilities
|
|
2. PostgreSQL SECURITY DEFINER Functions Privilege Escalation
|
|
3. PostgreSQL Denial of Service and Information Disclosure
|
|
4. PostgreSQL Denial of Service Vulnerabilities
|
|
5. PostgreSQL Encoding-Based SQL Injection Vulnerability
|
|
6. PostgreSQL Privilege Escalation and Denial of Service
|
|
7. PostgreSQL Character Conversion and tsearch2 Module Vulnerabilities
|
|
8. PostgreSQL Multiple Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
