| VID |
25030 |
| Severity |
40 |
| Port |
5432 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The PostgreSQL server, according to its version number, has multiple vulnerabilities. PostgreSQL is an object-relational database management system (DBMS) that supports an extended subset of SQL. It is free and the complete source is available. Some PostgreSQL versions have the following vulnerabilities, which allow a remote attacker to cause a denial of service (DoS) and execute arbitrary code.
1. Buffer Overflow in environment variables: PostgreSQL has "TZ" and "SET TIME ZONE" environment variables. Due to insufficient bounds checking on these environment variables, a local attacker can cause a denial of service (DoS) or execute code with the privileges of the PostgreSQL user.
2. Integer Buffer Overflow: PostgreSQL provides several built-in geometric functions such as the circle_poly, path_encode, and path_add functions. Due to insufficient bounds checking in these functions, a remote attacker can trigger an integer overflow. This will cause a denial of service (DoS) and allow execution of arbitrary code.
3. Heap-based Buffer Overflow: There is an improper bounds check in the repeat() function of PostgreSQL. By passing a large string to this function, a remote attacker can cause a heap-based buffer overflow. This will cause the system to crash or execute arbitrary code.
4. Stack-based Buffer Overflow: There is an improper bounds check in the cash_word() function of PostgreSQL. By passing a large string to this function, a remote attacker can cause a stack-based buffer overflow. This will cause the system to crash or execute arbitrary code.
* Note: This check relies solely on the version number of the remote PostgreSQL server to assess this vulnerability, so the result might be a false positive.
* References:
  http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2
  http://marc.theaimsgroup.com/?l=bugtraq&m=102977465204357&w=2
  http://archives.postgresql.org/pgsql-hackers/2002-08/msg0247.php
  http://archives.neohapsis.com/archives/bugtraq/2002-08/0204.html
* Platforms Affected: PostgreSQL 7.2.2 and earlier versions; Windows: any version; UNIX: any version; Linux: any version |
| Recommendation |
Upgrade to PostgreSQL 7.2.3 or later, or to the latest version available from the PostgreSQL site at ftp://ftp.postgresql.org/pub/ |
| Related URL |
CVE-2002-1397,CVE-2002-1400,CVE-2002-1401,CVE-2002-1402 (CVE) |
| Related URL |
5497,5527,6610,6611,6613,6614,6615 (SecurityFocus) |
| Related URL |
9891,9926,11079,11080 (ISS) |
|