Postgres Pro
Downloads
Home   >   mailing lists

@(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd) - Mailing list pgsql-hackers

From Vince Vielhaber
Subject @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)
Date
Msg-id Pine.BSF.4.40.0208201552270.19197-100000@paprika.michvhf.com
Whole thread Raw
Responses Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)  (Neil Conway <neilc@samurai.com>)
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
Tree view 
Here's yet another.  He claims malicious code can be run on the server
with this one.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net        56K Nationwide Dialup from $16.00/mo
atPop4 Networking     http://www.camping-usa.com      http://www.cloudninegifts.com  http://www.meanstreamradio.com
 http://www.unknown-artists.com
 
==========================================================================



---------- Forwarded message ----------
Date: Tue, 20 Aug 2002 14:28:49 +0000
From: Sir Mordred The Traitor <mordred@s-mail.com>
To: bugtraq@securityfocus.com
Subject: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL

//@(#)Mordred Labs advisory 0x0003

Release data: 20/08/02
Name: Buffer overflow in PostgreSQL
Versions affected: all versions
Risk: high

--[ Description:

...PostgreSQL is a sophisticated Object-Relational DBMS,
supporting almost all SQL constructs, including subselects,
transactions, and user-defined types and functions. It is the
most advanced open-source database available anywhere...blah...blah...
For more info check out this link:
http://www.postgresql.org/idocs/index.php?preface.html#INTRO-WHATIS

There exists a heap buffer overflow in a repeat(text, integer) function,
which
allows an attacker to execute malicious code.

--[ Details:

Upon invoking a repeat() function, a
src/backend/utils/adt/oracle_compat.c::repeat() function
will gets called which suffers from a buffer overflow.

--[ How to reproduce:

psql> select repeat('xxx',1431655765);
pqReadData() -- backend closed the channel unexpectedly.       This probably means the backend terminated abnormally
  before or while processing the request.
 
The connection to the server was lost. Attempting reset: Failed.

--[ Solution

Do you still running postgresql? ...Can't believe that...
If so, execute the following command as a root: "killall -9 postmaster",
and wait until the patch will be available.



________________________________________________________________________
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com/inf/en

pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: SRA purchases TurboLinux
Next
From: Tom Lane
Date:
Subject: Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in