[Please upgrade to PostgreSQL 7.2.1 if you're using an earlier version
-- Raju]
This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------
Message-ID: <[EMAIL PROTECTED]>
From: Sir Mordred The Traitor <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
Date: Mon, 19 Aug 2002 15:40:28 +0000
// @(#) Mordred Labs Advisory 0x0001
Release data: 19/08/02
Name: Buffer overflow in PostgreSQL
Versions affected: <= 7.2
Risk: average
--[ Description:
PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions,
foreign keys, subqueries, triggers, user-defined types and functions.
There exists a stack based buffer overflow in cash_words() function, that
potentially allows an attacker to execute malicious code.
--[ How to reproduce:
psql> select cash_words('-700000000000000000000000000000');
pgReadData() -- backend closed the channel unexpectedly.
.... ....
The connection to the server was lost...
--[ Solution:
Upgrade to version 7.2.1.
________________________________________________________________________
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com/inf/en
------------------------------
End of this Digest
******************
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves
================================================
To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject
header. Check archives at http://www.mail-archive.com/ilugd%40wpaa.org
