Ken Ashcraft [EMAIL PROTECTED] writes:
I work at Coverity where we use static analysis to find bugs in
software. I ran a security checker over postgresql-7.4.1 and I think I
found a security hole.
In the code below, fld_size gets copied in from a user specified file.
It is passed as the
Ken Ashcraft [EMAIL PROTECTED] writes:
... thus opening up the problem to anyone who can get past the
initial postmaster authentication check. So this is more severe than we
first thought.
Great. Thanks for the feedback. If it is serious, is an advisory in order?
No, we'll just push out
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
Should we be thinking about a 7.4.3?
I'm not panicking over this particular bug ... but it does seem like
we've accumulated enough fixes since 7.4.2 that it may be time to start
thinking about another dot-release. Maybe set a date
Shachar Shemesh [EMAIL PROTECTED] writes:
Also, if we want greater flexibility in handling these cases in the future, we
should set up an invite-only list for reporting security bugs, and advertise it
on the web site as the place to report security issues. Had this vulnerability
been
On Wed, May 12, 2004 at 10:46:00 +0300,
Shachar Shemesh [EMAIL PROTECTED] wrote:
Industry practices dictate that we do issue SOMETHING now. The bug is
now public, and can be exploited.
The description of the problem indicates that it can only be exploited
after you have authenticated to the
Greg Stark [EMAIL PROTECTED] writes:
Shachar Shemesh [EMAIL PROTECTED] writes:
Also, if we want greater flexibility in handling these cases in the future, we
should set up an invite-only list for reporting security bugs,
A lot of people would be unhappy with that approach. A) they don't know
Bruno Wolff III wrote:
On Wed, May 12, 2004 at 10:46:00 +0300,
Shachar Shemesh [EMAIL PROTECTED] wrote:
Industry practices dictate that we do issue SOMETHING now. The bug is
now public, and can be exploited.
The description of the problem indicates that it can only be exploited
after
Shachar Shemesh [EMAIL PROTECTED] writes:
Ok. How about an official patch against 7.4.2 that fixes it, so that
packagers can make their own informed decision.
The official patch is available to anyone who wants it from our CVS
server.
On Wed, May 12, 2004 at 23:36:49 +0300,
Shachar Shemesh [EMAIL PROTECTED] wrote:
My take on this is different. To me, a DoS is a nuisance, but an
arbitrary code execution vulnerability means information leak, and a
major escalation (from which further escalation may be possible).
A DOS
Tom Lane wrote:
Shachar Shemesh [EMAIL PROTECTED] writes:
Also, has anybody checked what other versions are affected?
Nothing before 7.4, at least by the known implications of this issue.
Again, if we wait a while and let Ken keep running his analysis tool,
he might turn up other stuff we
On Thu, May 13, 2004 at 00:54:19 +0300,
Shachar Shemesh [EMAIL PROTECTED] wrote:
I'm sorry. Maybe it's spending too many years in the security industry
(I've been Check Point's oh my god we have a security problem process
manager for over two years). Maybe it's knowing how to actually
Tom Lane wrote:
Ken Ashcraft [EMAIL PROTECTED] writes:
I work at Coverity where we use static analysis to find bugs in
software. I ran a security checker over postgresql-7.4.1 and I think I
found a security hole.
In the code below, fld_size gets copied in from a user specified file.
Bruce Momjian [EMAIL PROTECTED] writes:
Should we be thinking about a 7.4.3?
I'm not panicking over this particular bug ... but it does seem like
we've accumulated enough fixes since 7.4.2 that it may be time to start
thinking about another dot-release. Maybe set a date towards the end of
the
I work at Coverity where we use static analysis to find bugs in
software. I ran a security checker over postgresql-7.4.1 and I think I
found a security hole. I'm not familiar with the postgres source, so
this report may be false. My interpretation of the code follows.
I'd appreciate your