| From: | Justin Clift <justin(at)postgresql(dot)org> |
|---|---|
| To: | Vince Vielhaber <vev(at)michvhf(dot)com> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
| Date: | 2002-08-19 16:51:30 |
| Message-ID: | 3D612212.4699810C@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Vince,
Glad he made the advisory for something there's a fix for. :)
Regards and best wishes,
Justin Clift
Vince Vielhaber wrote:
>
> Surprised it took this long.
>
> Vince.
> --
> ==========================================================================
> Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
> 56K Nationwide Dialup from $16.00/mo at Pop4 Networking
> http://www.camping-usa.com http://www.cloudninegifts.com
> http://www.meanstreamradio.com http://www.unknown-artists.com
> ==========================================================================
>
> ---------- Forwarded message ----------
> Date: Mon, 19 Aug 2002 15:40:28 +0000
> From: Sir Mordred The Traitor <mordred(at)s-mail(dot)com>
> To: bugtraq(at)securityfocus(dot)com
> Subject: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
>
> // @(#) Mordred Labs Advisory 0x0001
>
> Release data: 19/08/02
> Name: Buffer overflow in PostgreSQL
> Versions affected: <= 7.2
> Risk: average
>
> --[ Description:
> PostgreSQL is an advanced object-relational database management system
> that supports an extended subset of the SQL standard, including
> transactions,
> foreign keys, subqueries, triggers, user-defined types and functions.
>
> There exists a stack based buffer overflow in cash_words() function, that
> potentially allows an attacker to execute malicious code.
>
> --[ How to reproduce:
> psql> select cash_words('-700000000000000000000000000000');
> pgReadData() -- backend closed the channel unexpectedly.
> .... ....
> The connection to the server was lost...
>
> --[ Solution:
> Upgrade to version 7.2.1.
>
> ________________________________________________________________________
> This letter has been delivered unencrypted. We'd like to remind you that
> the full protection of e-mail correspondence is provided by S-mail
> encryption mechanisms if only both, Sender and Recipient use S-mail.
> Register at S-mail.com: http://www.s-mail.com/inf/en
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Florian Weimer | 2002-08-19 16:59:00 | Re: [SECURITY] DoS attack on backend possible |
| Previous Message | Vince Vielhaber | 2002-08-19 16:44:33 | @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL (fwd) |