GLSA
Bodhisattva
Joined: 13 Jun 2003
Posts: 4087
Location: Dresden, Germany
|
 Posted: Mon Feb 14, 2005 11:12 pm Post subject: [ GLSA 200502-19 ] PostgreSQL: Buffer overflows in PL/PgSQL |
 |
|
Gentoo Linux Security Advisory
Title: PostgreSQL: Buffer overflows in PL/PgSQL parser (GLSA 200502-19)
Severity: high
Exploitable: remote
Date: February 14, 2005
Updated: June 26, 2007
Bug(s): #81350
ID: 200502-19
Synopsis
PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser leading to execution of arbitrary code.
Background
PostgreSQL is a SQL compliant, open source object-relational database management system.
Affected Packages
Package: dev-db/postgresql
Vulnerable: < 7.3.9-r1
Vulnerable: < 7.4.13
Vulnerable: < 8.0.1-r1
Unaffected: = 7.3*
Unaffected: = 7.4*
Unaffected: >= 8.0.1-r1
Architectures: All supported architectures
Description
PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser.
Impact
A remote attacker could send a malicious query resulting in the execution of arbitrary code with the permissions of the user running PostgreSQL.
Workaround
There is no known workaround at this time.
Resolution
All PostgreSQL users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql |
References
CAN-2005-0247
Last edited by GLSA on Wed Jun 27, 2007 4:17 am; edited 7 times in total |
|
News & Announcements
