CVE-2007-4639 - EDB Advanced Server 8.2 improperly handles debugging function calls

Suggest edits

First Published: 2007/08/31

Last Updated: 2018/10/15

Summary

EDB Postgres Advanced Server 8.2 (EPAS) does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.

Vulnerability details

CVE-ID: CVE-2007-4639
CVSS Base Score: Undefined
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVSS Vector: Undefined

Affected products and versions

EDB Postgres Advanced Server (EPAS)

  • 8.2

Remediation/fixes

ProductVRMFRemediation/First Fix
EPAS8.2Upgrade to a supported version of EPAS
Update

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

References

Acknowledgement

Source: MITRE

Change history

26 July 2023: Original Copy Published

Disclaimer

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.


Could this page be better? Report a problem or suggest an addition!