|| ||Sir Mordred The Traitor <email@example.com>|
|| ||@(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL|
|| ||Mon, 19 Aug 2002 15:40:28 +0000|
// @(#) Mordred Labs Advisory 0x0001
Release data: 19/08/02
Name: Buffer overflow in PostgreSQL
Versions affected: <= 7.2
PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
foreign keys, subqueries, triggers, user-defined types and functions.
There exists a stack based buffer overflow in cash_words() function, that
potentially allows an attacker to execute malicious code.
--[ How to reproduce:
psql> select cash_words('-700000000000000000000000000000');
pgReadData() -- backend closed the channel unexpectedly.
The connection to the server was lost...
Upgrade to version 7.2.1.
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com/inf/en
to post comments)