Quick Links

Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Justin Clift <justin(at)postgresql(dot)org>
Cc:	Vince Vielhaber <vev(at)michvhf(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
Date:	2002-08-19 18:24:08
Message-ID:	20701.1029781448@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Justin Clift <justin(at)postgresql(dot)org> writes:
> Glad he made the advisory for something there's a fix for. :)

The claim that this bug allows execution of arbitrary code is bogus anyway.
The overflow at INT_MIN will clobber the stack, yes, but in an absolutely
predetermined way; an attacker will have no opportunity to insert code
of his choosing.

regards, tom lane

In response to

Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in at 2002-08-19 16:51:30 from Justin Clift

Responses

Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in at 2002-08-19 22:56:02 from Justin Clift

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2002-08-19 18:33:42	Re: [SECURITY] DoS attack on backend possible
Previous Message	Rod Taylor	2002-08-19 17:17:54	Re: [SECURITY] DoS attack on backend possible