Home > mailing lists

Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
Date	August 19, 2002 17:24:34
Msg-id	20701.1029781448@sss.pgh.pa.us Whole thread Raw
In response to	Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in (Justin Clift <justin@postgresql.org>)
List	pgsql-hackers

Tree view

Justin Clift <justin@postgresql.org> writes:
> Glad he made the advisory for something there's a fix for.  :)

The claim that this bug allows execution of arbitrary code is bogus anyway.
The overflow at INT_MIN will clobber the stack, yes, but in an absolutely
predetermined way; an attacker will have no opportunity to insert code
of his choosing.
        regards, tom lane

pgsql-hackers by date:

From: Rod Taylor
Date: 19 August 2002, 16:17:51
Subject: Re: [SECURITY] DoS attack on backend possible

From: Tom Lane
Date: 19 August 2002, 17:33:49
Subject: Re: [SECURITY] DoS attack on backend possible

Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in - Mailing list pgsql-hackers

Previous

Next