FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postgresql -- multiple vulnerabilities

Affected packages
7.2	<=	ja-postgresql	<	7.2.7
7.3	<=	ja-postgresql	<	7.3.9
7.4	<=	ja-postgresql	<	7.4.7
8.0.0	<=	ja-postgresql	<	8.0.1
7.2	<=	postgresql	<	7.2.7
7.3	<=	postgresql	<	7.3.9
7.4	<=	postgresql	<	7.4.7
8.0.0	<=	postgresql	<	8.0.1
7.2	<=	postgresql-server	<	7.2.7
7.3	<=	postgresql-server	<	7.3.9
7.4	<=	postgresql-server	<	7.4.7
8.0.0	<=	postgresql-server	<	8.0.1

Details

VuXML ID	65c8ecf9-2adb-11db-a6e2-000e0c2e438a
Discovery	2005-02-01
Entry	2006-08-13

Multiple vulnerabilities had been reported in various versions of PostgreSQL:

The EXECUTE restrictions can be bypassed by using the AGGREGATE function, which is missing a permissions check.
A buffer overflow exists in gram.y which could allow an attacker to execute arbitrary code by sending a large number of arguments to a refcursor function, found in gram.y
The intagg contributed module allows an attacker to crash the server (Denial of Service) by constructing a malicious crafted array.

References

CVE Name	CVE-2005-0244
CVE Name	CVE-2005-0245
CVE Name	CVE-2005-0246
URL	http://secunia.com/advisories/12948

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.