VU#352803 - postgresql
From | CERT Coordination Center |
---|---|
Subject | VU#352803 - postgresql |
Date | |
Msg-id | 200208261552.g7QFqR009227@holmes.blue.cert.org |
Replies | Re: VU#352803 - postgresql |
List | pgsql-bugs |
Hello folks,

We have received a report regarding a vulnerability in one of your products. We would appreciate greatly your help in reviewing this issue so that we can document it in our public database. Please review the following vulnerability note for accuracy and answer these questions:

1. Have you verified the existence of this vulnerability?

2. Can you tell us how this vulnerability might be exploited? We do not publish exploit information, but it would help us better understand and describe the vulnerability itself.

3. Can you provide more specific information on the impact of this vulnerability?

4. Has it been corrected in a released update or new version of the product? If yes, please provide links to more information, including how users can obtain the update or new version.

5. If not yet released, when do you plan on releasing an update to fix this vulnerability? What should users do in the meantime to limit exposure to this vulnerability?

CERT/CC Vulnerability Note Draft:

VU#352803 - PostgreSQL contains buffer overflow in "cash_words()" function

CVE: CVE-NO-MATCH

KEYWORDS: PostgreSQL buffer overflow cash_words() function

OVERVIEW

PostgreSQL contains a buffer-overflow vulnerability in its cash_words() function.

DESCRIPTION

PostgreSQL is a database management system implementing a subset of the SQL standard. The cash_words() function contains a stack-based buffer-overflow vulnerability.

IMPACT

Attackers can force a PostgreSQL connection to close and may be able to execute malicious PostgreSQL code.

SOLUTION

Upgrade

Upgrade to version 7.2.1 of PostgreSQL.

REFERENCES

http://www.securityfocus.com/bid/5497

CREDIT

Thanks to Sir Mordred The Traitor for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

If there are any mistakes or inaccuracies in the above vulnerability note, please let me know so they can be corrected before publication.

Regards,

Shawn Van Ittersum
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University