|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] PostgreSQL "pg_to_ascii()" Buffer Overflow Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Oct 30 2003 - 05:34:07 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
PostgreSQL "pg_to_ascii()" Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA10097
VERIFY ADVISORY:
http://www.secunia.com/advisories/10097/
CRITICAL:
Less critical
IMPACT:
System access
WHERE:
From local network
SOFTWARE:
PostgreSQL 7.x
DESCRIPTION:
Two vulnerabilities have been reported in PostgreSQL, which
potentially can be exploited by malicious users to compromise a
vulnerable system.
Boundary errors in the "pg_to_ascii()" function can be exploited to
cause buffer overflows. Though not proven, this may potentially be
exploited to execute arbitrary code on a vulnerable system.
SOLUTION:
Update to version 7.3.4.
http://www.postgresql.org/mirrors-ftp.html
REPORTED BY / CREDITS:
Guido Notari
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]