CVE-2007-4639 - EDB Advanced Server 8.2 improperly handles debugging function calls
First Published: 2007/08/31
Last Updated: 2018/10/15
Summary
EDB Postgres Advanced Server 8.2 (EPAS) does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener
, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_
function, as demonstrated by (1) pldbg_get_stack
and (2) pldbg_abort_target
, which triggers use of an uninitialized pointer.
Vulnerability details
CVE-ID: CVE-2007-4639
CVSS Base Score: Undefined
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVSS Vector: Undefined
Affected products and versions
EDB Postgres Advanced Server (EPAS)
- 8.2
Remediation/fixes
Product | VRMF | Remediation/First Fix |
---|---|---|
EPAS | 8.2 | Upgrade to a supported version of EPAS |
Update
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
References
Related information
Acknowledgement
Source: MITRE
Change history
26 July 2023: Original Copy Published
Disclaimer
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.
Could this page be better? Report a problem or suggest an addition!