| From: | Florian Weimer <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE> |
|---|---|
| To: | Greg Copeland <greg(at)CopelandConsulting(dot)Net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Justin Clift <justin(at)postgresql(dot)org>, PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Date: | 2002-08-12 13:48:10 |
| Message-ID: | 87adns2nol.fsf@CERT.Uni-Stuttgart.DE |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Greg Copeland <greg(at)CopelandConsulting(dot)Net> writes:
> Well, if it's a buffer overrun, there is certainly potential for risks
> well beyond that of simply crashing the "be".
It's a buffer overrun, but the data has to pass through the date/time
parser in the backend, so it's not entirely obvious how you can
exploit this to run arbitrary code.
--
Florian Weimer Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Florian Weimer | 2002-08-12 13:51:35 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Greg Copeland | 2002-08-12 13:24:16 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Florian Weimer | 2002-08-12 13:51:35 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Tom Lane | 2002-08-12 13:40:12 | Re: Strange bahaviour |