Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-5540

Disclosure Date: October 26, 2006
CVE-2006-5540
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a “MIN/MAX index optimization.”

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • postgresql

Products

  • postgresql 6.3.2,
  • postgresql 6.5.3,
  • postgresql 7.0.2,
  • postgresql 7.0.3,
  • postgresql 7.1,
  • postgresql 7.1.1,
  • postgresql 7.1.2,
  • postgresql 7.1.3,
  • postgresql 7.2,
  • postgresql 7.2.1,
  • postgresql 7.2.2,
  • postgresql 7.2.3,
  • postgresql 7.2.4,
  • postgresql 7.2.7,
  • postgresql 7.3,
  • postgresql 7.3.1,
  • postgresql 7.3.10,
  • postgresql 7.3.11,
  • postgresql 7.3.12,
  • postgresql 7.3.13,
  • postgresql 7.3.14,
  • postgresql 7.3.15,
  • postgresql 7.3.2,
  • postgresql 7.3.3,
  • postgresql 7.3.4,
  • postgresql 7.3.6,
  • postgresql 7.3.8,
  • postgresql 7.3.9,
  • postgresql 7.4,
  • postgresql 7.4.1,
  • postgresql 7.4.10,
  • postgresql 7.4.11,
  • postgresql 7.4.12,
  • postgresql 7.4.13,
  • postgresql 7.4.2,
  • postgresql 7.4.3,
  • postgresql 7.4.4,
  • postgresql 7.4.5,
  • postgresql 7.4.6,
  • postgresql 7.4.7,
  • postgresql 7.4.8,
  • postgresql 7.4.9,
  • postgresql 8.0,
  • postgresql 8.0.1,
  • postgresql 8.0.2,
  • postgresql 8.0.3,
  • postgresql 8.0.4,
  • postgresql 8.0.5,
  • postgresql 8.0.6,
  • postgresql 8.0.7,
  • postgresql 8.0.8,
  • postgresql 8.1,
  • postgresql 8.1.1,
  • postgresql 8.1.2,
  • postgresql 8.1.3,
  • postgresql 8.1.4

References

Canonical
CVE-2006-5540 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540)
BID-20717 (http://www.securityfocus.com/bid/20717)
Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:194
USN-369-2 (http://www.ubuntu.com/usn/usn-369-2)
SECTRACK-1017115 (http://securitytracker.com/id?1017115)
http://projects.commandprompt.com/public/pgsql/changeset/25504
http://www.redhat.com/support/errata/RHSA-2007-0068.html
ADV-2006-4182 (http://www.vupen.com/english/advisories/2006/4182)
SECUNIA-22606 (http://secunia.com/advisories/22606)
http://support.novell.com/techcenter/psdb/59650c03a8bc5ae310cd7898bd106ad2.html
http://www.postgresql.org/about/news.664
SECUNIA-24284 (http://secunia.com/advisories/24284)
SECUNIA-23048 (http://secunia.com/advisories/23048)
SECUNIA-24577 (http://secunia.com/advisories/24577)
http://www.novell.com/linux/security/advisories/2006_27_sr.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11425
http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm
SECUNIA-23132 (http://secunia.com/advisories/23132)
USN-369-1 (http://www.ubuntu.com/usn/usn-369-1)
SECUNIA-22636 (http://secunia.com/advisories/22636)
http://www.redhat.com/support/errata/RHSA-2007-0064.html
http://www.redhat.com/support/errata/RHSA-2007-0067.html
SECUNIA-22562 (http://secunia.com/advisories/22562)
SECUNIA-22584 (http://secunia.com/advisories/22584)
SECUNIA-24094 (http://secunia.com/advisories/24094)
Miscellaneous
2006-0059 (http://www.trustix.org/errata/2006/0059)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis