Postgres Pro
Downloads
Home   >   mailing lists

Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in - Mailing list pgsql-hackers

From Justin Clift
Subject Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
Date
Msg-id 3D612212.4699810C@postgresql.org
Whole thread Raw
In response to @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL (fwd)  (Vince Vielhaber <vev@michvhf.com>)
Responses Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
List pgsql-hackers
Tree view 
Hi Vince,

Glad he made the advisory for something there's a fix for.  :)

Regards and best wishes,

Justin Clift


Vince Vielhaber wrote:
> 
> Surprised it took this long.
> 
> Vince.
> --
> ==========================================================================
> Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net
>          56K Nationwide Dialup from $16.00/mo at Pop4 Networking
>       http://www.camping-usa.com      http://www.cloudninegifts.com
>    http://www.meanstreamradio.com       http://www.unknown-artists.com
> ==========================================================================
> 
> ---------- Forwarded message ----------
> Date: Mon, 19 Aug 2002 15:40:28 +0000
> From: Sir Mordred The Traitor <mordred@s-mail.com>
> To: bugtraq@securityfocus.com
> Subject: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
> 
> // @(#) Mordred Labs Advisory 0x0001
> 
> Release data: 19/08/02
> Name: Buffer overflow in PostgreSQL
> Versions affected: <= 7.2
> Risk: average
> 
> --[ Description:
> PostgreSQL is an advanced object-relational database management system
> that supports an extended subset of the SQL standard, including
> transactions,
> foreign keys, subqueries, triggers, user-defined types and functions.
> 
> There exists a stack based buffer overflow in cash_words() function, that
> potentially allows an attacker to execute malicious code.
> 
> --[ How to reproduce:
> psql> select cash_words('-700000000000000000000000000000');
> pgReadData() -- backend closed the channel unexpectedly.
>         .... ....
> The connection to the server was lost...
> 
> --[ Solution:
> Upgrade to version 7.2.1.
> 
> ________________________________________________________________________
> This letter has been delivered unencrypted. We'd like to remind you that
> the full protection of e-mail correspondence is provided by S-mail
> encryption mechanisms if only both, Sender and Recipient use S-mail.
> Register at S-mail.com: http://www.s-mail.com/inf/en
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
> 
> http://www.postgresql.org/users-lounge/docs/faq.html

-- 
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."  - Indira Gandhi

pgsql-hackers by date:

Previous
From: Vince Vielhaber
Date:
Subject: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL (fwd)
Next
From: Florian Weimer
Date:
Subject: Re: [SECURITY] DoS attack on backend possible