LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LK2008: The values of the Linux community

LWN.net Weekly Edition for October 9, 2008

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

postgresql: remote code execution

Package(s):postgresql CVE #(s):CAN-2003-0901
Created:October 30, 2003 Updated:November 17, 2003
Description: Two bugs leading to a buffer overflow in the PostgreSQL RDBMS, versions 7.2.x and 7.3.x prior to 7.3.4, were discovered. The vulnerability exists in the PostgreSQL abstract data type (ADT) to ASCII conversion functions.

It has been conjectured that excessive data passed to the involved to_ascii_xxx() functions may overrun the bounds of an insufficient buffer reserved in heap memory, resulting in the corruption of heap based memory management structures that are adjacent to it. It is currently believed that under the correct circumstances an attacker may use this to execute arbitrary instructions in the context of the PostgreSQL server.

The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0901 to the problem.

Alerts:
Trustix 2003-0040 2003-11-15
Conectiva CLA-2003:784 2003-11-13
Red Hat RHSA-2003:313-00 2003-11-13
OpenPKG OpenPKG-SA-2003.048 2003-11-11
Mandrake MDKSA-2003:102 2003-11-03
OpenPKG OpenPKG-SA-2003.047 2003-10-30
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds