Vince Vielhaber wrote: > > Surprised it took this long. Yes, me too, and it says the solution is to upgrade to 7.2.1. Nope.
> ---------- Forwarded message ---------- > Date: Mon, 19 Aug 2002 15:40:28 +0000 > From: Sir Mordred The Traitor <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL > > // @(#) Mordred Labs Advisory 0x0001 > > Release data: 19/08/02 > Name: Buffer overflow in PostgreSQL > Versions affected: <= 7.2 > Risk: average > > --[ Description: > PostgreSQL is an advanced object-relational database management system > that supports an extended subset of the SQL standard, including > transactions, > foreign keys, subqueries, triggers, user-defined types and functions. > > There exists a stack based buffer overflow in cash_words() function, that > potentially allows an attacker to execute malicious code. > > --[ How to reproduce: > psql> select cash_words('-700000000000000000000000000000'); > pgReadData() -- backend closed the channel unexpectedly. > .... .... > The connection to the server was lost... > > --[ Solution: > Upgrade to version 7.2.1. > > > > > ________________________________________________________________________ > This letter has been delivered unencrypted. We'd like to remind you that > the full protection of e-mail correspondence is provided by S-mail > encryption mechanisms if only both, Sender and Recipient use S-mail. > Register at S-mail.com: http://www.s-mail.com/inf/en > > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html > -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly