|| ||Sir Mordred The Traitor <firstname.lastname@example.org>|
|| ||@(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL|
|| ||Tue, 20 Aug 2002 14:28:49 +0000|
//@(#)Mordred Labs advisory 0x0003
Release data: 20/08/02
Name: Buffer overflow in PostgreSQL
Versions affected: all versions
...PostgreSQL is a sophisticated Object-Relational DBMS,
supporting almost all SQL constructs, including subselects,
transactions, and user-defined types and functions. It is the
most advanced open-source database available anywhere...blah...blah...
For more info check out this link:
There exists a heap buffer overflow in a repeat(text, integer) function,
allows an attacker to execute malicious code.
Upon invoking a repeat() function, a
will gets called which suffers from a buffer overflow.
--[ How to reproduce:
psql> select repeat('xxx',1431655765);
pqReadData() -- backend closed the channel unexpectedly.
This probably means the backend terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
Do you still running postgresql? ...Can't believe that...
If so, execute the following command as a root: "killall -9 postmaster",
and wait until the patch will be available.
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com/inf/en
to post comments)