Re: [SECURITY] DoS attack on backend possible (was: Re:

Hi Florian,

Is it possible to crash a 7.2.1 backend without having an entry in the
pg_hba.conf file?

i.e. Is every PostgreSQL 7.2.1 installation around vulnerable to a
remote DoS (or worse) from any user anywhere, at this moment in time?

Regards and best wishes,

Justin Clift


Florian Weimer wrote:
> 
> Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> writes:
> 
> > Neil Conway <nconway@klamath.dyndns.org> writes:
> >
> >> Thomas can correct me if I'm mistaken, but I believe these changes apply
> >> to the new integer datetime code
> >
> > No, it's possible to crash the backend in 7.2, too.
> 
> And 7.2.1, of course.
> 
> Let me ask again: Do you plan to address this in an update for 7.2.1?
> 
> --
> Florian Weimer                    Weimer@CERT.Uni-Stuttgart.DE
> University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
> RUS-CERT                          fax +49-711-685-5898
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
> 
> http://www.postgresql.org/users-lounge/docs/faq.html

-- 
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."  - Indira Gandhi