Re: postgres vulnerability

From: Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>
To: Neil Conway <neilc(at)samurai(dot)com>
Cc: Gaetano Mendola <mendola(at)bigfoot(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: postgres vulnerability
Date: 2004-10-10 13:48:42
Message-ID: 20041010064438.M66363@megazone.bigpanda.com
Lists: pgsql-hackers


On Sun, 10 Oct 2004, Neil Conway wrote:

> Gaetano Mendola wrote:
> > Here http://www.sans.org/top20/#u9
> > are listed postgres vulnerabilities; it's sad to see that almost all
> > are related to third-party components
>
> "Almost all"? By my count, 12 of the 17 vulnerabilities refer to
> legitimate problems in PostgreSQL, its RPM distribution, or the ODBC driver.

However, even removing "almost all" from the comment, it's still pretty
sad that a "trusted source for computer security training, certification
and research" would have a >25% miss rate on properly categorizing
vulnerabilities.
