NVD Vulnerability Detail

CVE-2006-2314

Summary	PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.
Publication Date	May 24, 2006, 7:06 p.m.
Registration Date	Jan. 29, 2021, 3:37 p.m.
Last Update	Oct. 19, 2018, 1:39 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:postgresql:postgresql:7.3:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.1:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.2:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.3:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.4:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.5:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.6:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.7:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.8:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.9:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.10:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.11:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.12:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.13:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.14:::::::*
cpe:2.3:a:postgresql:postgresql:7.4:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.1:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.2:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.3:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.4:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.5:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.6:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.7:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.8:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.9:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.10:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.11:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.12:::::::*
cpe:2.3:a:postgresql:postgresql:8.0:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.1:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.2:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.3:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.4:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.5:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.6:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.7:::::::*
cpe:2.3:a:postgresql:postgresql:8.1:::::::*
cpe:2.3:a:postgresql:postgresql:8.1.1:::::::*
cpe:2.3:a:postgresql:postgresql:8.1.2:::::::*
cpe:2.3:a:postgresql:postgresql:8.1.3:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc	SGI
2	http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php	MLIST	Patch
3	http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html	SUSE
4	http://secunia.com/advisories/20231	SECUNIA
5	http://secunia.com/advisories/20232	SECUNIA
6	http://secunia.com/advisories/20314	SECUNIA
7	http://secunia.com/advisories/20435	SECUNIA
8	http://secunia.com/advisories/20451	SECUNIA
9	http://secunia.com/advisories/20503	SECUNIA
10	http://secunia.com/advisories/20555	SECUNIA
11	http://secunia.com/advisories/20653	SECUNIA
12	http://secunia.com/advisories/20782	SECUNIA
13	http://secunia.com/advisories/21001	SECUNIA
14	http://secunia.com/advisories/21749	SECUNIA
15	http://security.gentoo.org/glsa/glsa-200607-04.xml	GENTOO
16	http://securitytracker.com/id?1016142	SECTRACK
17	http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm	CONFIRM
18	http://www.debian.org/security/2006/dsa-1087	DEBIAN
19	http://www.mandriva.com/security/advisories?name=MDKSA-2006:098	MANDRIVA
20	http://www.novell.com/linux/security/advisories/2006_21_sr.html	SUSE
21	http://www.osvdb.org/25731	OSVDB
22	http://www.postgresql.org/docs/techdocs.50	CONFIRM
23	http://www.redhat.com/support/errata/RHSA-2006-0526.html	REDHAT
24	http://www.securityfocus.com/archive/1/435038/100/0/threaded	BUGTRAQ
25	http://www.securityfocus.com/archive/1/435161/100/0/threaded	BUGTRAQ
26	http://www.securityfocus.com/bid/18092	BID
27	http://www.trustix.org/errata/2006/0032/	TRUSTIX
28	http://www.ubuntu.com/usn/usn-288-2	UBUNTU
29	http://www.ubuntu.com/usn/usn-288-3	UBUNTU
30	http://www.vupen.com/english/advisories/2006/1941	VUPEN
31	https://exchange.xforce.ibmcloud.com/vulnerabilities/26627	XF
32	https://exchange.xforce.ibmcloud.com/vulnerabilities/26628	XF
33	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947	OVAL
34	https://usn.ubuntu.com/288-1/	UBUNTU

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:postgresql:postgresql:7.3:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.1:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.2:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.3:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.4:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.5:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.6:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.7:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.8:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.9:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.10:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.11:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.12:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.13:::::::*
cpe:2.3:a:postgresql:postgresql:7.3.14:::::::*
cpe:2.3:a:postgresql:postgresql:7.4:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.1:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.2:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.3:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.4:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.5:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.6:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.7:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.8:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.9:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.10:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.11:::::::*
cpe:2.3:a:postgresql:postgresql:7.4.12:::::::*
cpe:2.3:a:postgresql:postgresql:8.0:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.1:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.2:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.3:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.4:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.5:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.6:::::::*
cpe:2.3:a:postgresql:postgresql:8.0.7:::::::*
cpe:2.3:a:postgresql:postgresql:8.1:::::::*
cpe:2.3:a:postgresql:postgresql:8.1.1:::::::*
cpe:2.3:a:postgresql:postgresql:8.1.2:::::::*
cpe:2.3:a:postgresql:postgresql:8.1.3:::::::*