| From: | "CERT Coordination Center" <cert(at)cert(dot)org> |
|---|---|
| To: | "PostgreSQL" <pgsql-bugs(at)postgresql(dot)org> |
| Cc: | "CERT Coordination Center" <cert(at)cert(dot)org> |
| Subject: | VU#352803 - postgresql |
| Date: | 2002-08-26 15:52:27 |
| Message-ID: | 200208261552.g7QFqR009227@holmes.blue.cert.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hello folks,
We have received report regarding a vulnerability in one of your
products. We would appreciate greatly your help in reviewing this
issue so that we can document it in our public database.
Please review the following vulnerability note for accuracy and
answer these questions:
1. Have you verified the existence of this vulnerability?
2. Can you tell us how this vulnerability might be exploited? We do
not publish exploit information, but it would help us better
understand and describe the vulnerability itself.
3. Can you provide more specific information on the impact of this
vulnerability?
4. Has it been corrected in a released update or new version of the
product? If yes, please provide links to more information, including
how users can obtain the update or new version.
5. If not yet released, when do you plan on releasing an update to
fix this vulnerability? What should users do in the meantime to limit
exposure to this vulnerability?
CERT/CC Vulnerability Note Draft:
VU#352803 - PostgreSQL contains buffer overflow in "cash_words()"
function
CVE: CVE-NO-MATCH
KEYWORDS:
PostgreSQL
buffer overflow
cash_words() function
OVERVIEW
PostgreSQL contains a buffer-overflow vulnerability in its
cash_words() function.
DESCRIPTION
PostgreSQL is a database management system implementing a subset of
the SQL standard. The cash_words() function contains a stack-based
buffer-overflow vulnerability.
IMPACT
Attackers can force a PostgreSQL connection to close and may be able
to execute malicious PostgreSQL code.
SOLUTION
Upgrade
Upgrade to version 7.2.1 of PostgreSQL.
REFERENCES
http://www.securityfocus.com/bid/5497
CREDIT
Thanks to Sir Mordred The Traitor for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
If there are any mistakes or inaccuracies in the above vulnerability
note, please let me know so they can be corrected before publication.
Regards,
Shawn Van Ittersum
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
| From | Date | Subject | |
|---|---|---|---|
| Next Message | pgsql-bugs | 2002-08-26 18:26:13 | Bug #747: PostgreSQL doesn't use indexes right sometimes |
| Previous Message | Tom Lane | 2002-08-26 14:42:36 | Re: Bug #746: Drop user damages security on tables |