|
|
|
|
| |
PostgreSQL is "an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions".
A vulnerability in PostgreSQL's cash_words() allows attacker to cause the program to execute arbitrary code by overflowing an internal buffer. |
| |
Credit:
The information has been provided by Sir Mordred The Traitor.
|
| |
Vulnerable systems:
* PostgreSQL version 7.2.0 and prior
Immune systems:
* PostgreSQL version 7.2.1
There exists a stack based buffer overflow in cash_words() function, that potentially allows an attacker to execute malicious code.
How to reproduce:
psql> select cash_words('-700000000000000000000000000000');
pgReadData() -- backend closed the channel unexpectedly.
.... ....
The connection to the server was lost...
Solution:
Upgrade to version 7.2.1.
|
|
|
|
|
