| From: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Justin Clift" <justin(at)postgresql(dot)org> |
| Cc: | "Florian Weimer" <Weimer(at)CERT(dot)Uni-Stuttgart(dot)DE>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Date: | 2002-08-12 02:25:18 |
| Message-ID: | GNELIHDDFBOCMGBFGEFOKEKACDAA.chriskl@familyhealth.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
> Justin Clift <justin(at)postgresql(dot)org> writes:
> > Am I understanding this right:
> > - A PostgreSQL 7.2.1 server can be crashed if it gets passed certain
> > date values which would be accepted by standard "front end" parsing?
>
> AFAIK it's a buffer overrun issue, so anything that looks like a
> reasonable date would *not* cause the problem.
Still, I believe this should require a 7.2.2 release. Imagine a university
database server for a course for example - the students would just crash it
all the time.
Chris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Justin Clift | 2002-08-12 02:31:56 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Christopher Kings-Lynne | 2002-08-12 02:17:18 | TOAST & DROP COLUMN (Was: RE: pgsql-server/ oc/src/sgml/ref/cluster.sgml rc/ ... ) |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Justin Clift | 2002-08-12 02:31:56 | Re: [SECURITY] DoS attack on backend possible (was: Re: |
| Previous Message | Christopher Kings-Lynne | 2002-08-12 02:15:16 | Re: python patch |