| VID |
25029 |
| Severity |
40 |
| Port |
5432 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The PostgreSQL server, according to its version number, has two buffer overflow vulnerabilities in the to_ascii() function. PostgreSQL is a open-source Object-Relational database management system (DBMS) that supports an extended subset of SQL. A remote attacker could exploit these vulnerabilities by establishing a connection to the database to execute arbitrary code on the system with privileges of the affected service.
* Note: This check solely relied on the version number of the remote PostgreSQL server to assess this vulnerability, so this might be a false positive.
* References:
http://www.securiteam.com/unixfocus/6W0010K8VE.html
http://www.securitytracker.com/alerts/2003/Oct/1008022.html
* Platforms Affected:
PostgreSQL version 7.3.3 and earlier
Windows Any version
UNIX Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of PostgreSQL (7.3.4 or later), available from http://www.postgresql.org/mirrors-ftp.html
For Mandrake Linux:
Upgrade to the latest postgresql package, as listed in MandrakeSoft Security Advisory MDKSA-2003:102 at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:102 |
| Related URL |
CVE-2003-0901 (CVE) |
| Related URL |
8741 (SecurityFocus) |
| Related URL |
13556 (ISS) |
|
