FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6067

This CVE name corresponds to:

Entered	Topic
2008-04-24	postgresql -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-6067 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2007-6067
Phase	Assigned(20071121)

Description

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.

References

Source	Reference
BUGTRAQ	20080107 PostgreSQL 2007-01-07 Cumulative Security Release
BUGTRAQ	20080115 rPSA-2008-0016-1 postgresql postgresql-server
CONFIRM	http://sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
CONFIRM	http://sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
CONFIRM	http://www.postgresql.org/about/news.905
CONFIRM	https://issues.rpath.com/browse/RPL-1768
DEBIAN	DSA-1460
DEBIAN	DSA-1463
FEDORA	FEDORA-2008-0478
FEDORA	FEDORA-2008-0552
GENTOO	GLSA-200801-15
HP	HPSBTU02325
HP	SSRT080006
MANDRIVA	MDVSA-2008:004
REDHAT	RHSA-2008:0038
REDHAT	RHSA-2008:0040
REDHAT	RHSA-2013:0122
SUNALERT	103197
SUNALERT	200559
SUSE	SUSE-SA:2008:005
UBUNTU	USN-568-1
BID	27163
OVAL	oval:org.mitre.oval:def:10235
VUPEN	ADV-2008-0061
VUPEN	ADV-2008-0109
VUPEN	ADV-2008-1071
SECTRACK	1019157
SECUNIA	28359
SECUNIA	28376
SECUNIA	28438
SECUNIA	28437
SECUNIA	28454
SECUNIA	28464
SECUNIA	28477
SECUNIA	28479
SECUNIA	28455
SECUNIA	28679
SECUNIA	28698
SECUNIA	29638
XF	postgresql-complex-expression-dos(39498)