Rapid7 Vulnerability & Exploit Database

RHSA-2003:313: Updated PostgreSQL packages fix buffer overflow


Severity: 8
CVSS (v2 vector): (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 11/03/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated PostgreSQL packages that correct a buffer overflow in the to_ascii routines are now available.

PostgreSQL is an advanced Object-Relational database management system (DBMS).

Two bugs that can lead to buffer overflows have been found in the PostgreSQL abstract data type to ASCII conversion routines (the to_ascii functions). A remote attacker who is able to influence the data passed to the to_ascii functions may be able to execute arbitrary code in the context of the PostgreSQL server. These issues affect PostgreSQL 7.2.x, and 7.3.x before 7.3.4. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0901 to these issues.

In addition, a bug that can lead to information leaks has been found in the string to timestamp abstract data type conversion routine. If the input string passed to to_timestamp() is shorter than the template string expects, the routine runs off the end of the input string; it then reads data left over from a previous timestamp conversion and behaves unpredictably.

Users of PostgreSQL are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
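As an added illustration (editor's code, not PostgreSQL's own ascii.c or to_timestamp implementation), the following C program reproduces the two bug classes the advisory describes, each beside a bounds-checked version: a to_ascii-style conversion whose loop is bounded by the input length rather than the destination size, and a to_timestamp-style template walker that keeps reading input bytes for as long as the template demands. The fold table, buffer sizes, template letters and all function names are hypothetical, and both demonstrations are arranged so that every access stays inside a real array, so the defect is observable without undefined behaviour.

```c
/* Editor-added illustration, not PostgreSQL's own ascii.c or formatting.c:
 * the two bug classes the advisory names, each beside a bounds-checked
 * version. Names, the fold table, buffer sizes and template are hypothetical. */
#include <stdio.h>
#include <string.h>

#define OUT_MAX 16              /* hypothetical fixed-size output buffer */

/* Toy Latin-1 to ASCII fold shared by both conversion variants. */
static char fold_to_ascii(unsigned char c)
{
    if (c < 0x80) return (char) c;            /* already ASCII */
    if (c >= 0xC0 && c <= 0xC5) return 'A';   /* accented A */
    if (c >= 0xE0 && c <= 0xE5) return 'a';   /* accented a */
    if (c >= 0xE8 && c <= 0xEB) return 'e';   /* accented e */
    return '?';
}

/* Bug class 1 (the CAN-2003-0901 pattern): the loop is bounded by the
 * attacker-controlled input length, never by the destination size. */
size_t to_ascii_unchecked(const unsigned char *in, size_t in_len, char *out)
{
    size_t i;
    for (i = 0; i < in_len; i++)
        out[i] = fold_to_ascii(in[i]);
    out[i] = '\0';
    return i;
}

/* Fixed form: the destination capacity bounds the copy; input that would
 * not fit is rejected (-1) rather than silently truncated. */
int to_ascii_checked(const unsigned char *in, size_t in_len,
                     char *out, size_t out_cap)
{
    if (out_cap == 0 || in_len > out_cap - 1)
        return -1;
    for (size_t i = 0; i < in_len; i++)
        out[i] = fold_to_ascii(in[i]);
    out[in_len] = '\0';
    return (int) in_len;
}

/* Shows the overflow safely: the "real" destination is the first OUT_MAX
 * bytes of a larger array whose tail is a canary. Returns canary bytes hit. */
int overflow_demo(void)
{
    char buf[OUT_MAX + 8];
    int clobbered = 0;
    memset(buf, 'C', sizeof buf);
    to_ascii_unchecked((const unsigned char *)"01234567890123456789", 20, buf);
    for (size_t i = OUT_MAX; i < sizeof buf; i++)
        if (buf[i] != 'C') clobbered++;
    return clobbered;                         /* 20 digits + NUL: 5 bytes */
}

/* Bug class 2 (the to_timestamp pattern): a template walker that trusts the
 * template rather than the input length. Each of Y M D H I S consumes one
 * digit; any other template byte consumes one separator. With checked == 0
 * it reads in[pos] beyond in_len; with checked != 0 it returns -1 instead. */
enum { YEAR, MON, DAY, HOUR, MIN, SEC };
struct ts { int f[6]; };
static const char keys[] = "YMDHIS";

int parse_ts(const char *tmpl, const char *in, size_t in_len,
             int checked, struct ts *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof *out);
    for (const char *t = tmpl; *t; t++, pos++) {
        const char *k = strchr(keys, *t);
        if (checked && pos >= in_len)
            return -1;                        /* template outran the input */
        if (k)                                /* field letter, not separator */
            out->f[k - keys] = out->f[k - keys] * 10 + (in[pos] - '0');
    }
    return 0;
}

/* Reproduces the stale-timestamp leak: the buffer still holds an earlier,
 * longer value; the new input is shorter and NUL-terminated, in_len is right,
 * yet the unchecked walker reads the old tail (all reads stay inside buf). */
int overread_demo(int checked, struct ts *out)
{
    char buf[32];
    strcpy(buf, "1999-12-31 23:59:58");       /* constructed stale content */
    memcpy(buf, "2003-11-03", 10);            /* current, shorter input */
    buf[10] = '\0';
    return parse_ts("YYYY-MM-DD HH:II:SS", buf, 10, checked, out);
}

int main(void)
{
    struct ts t;
    printf("canary bytes clobbered: %d\n", overflow_demo());
    overread_demo(0, &t);
    printf("unchecked parse: %04d-%02d-%02d %02d:%02d:%02d (time is stale)\n",
           t.f[YEAR], t.f[MON], t.f[DAY], t.f[HOUR], t.f[MIN], t.f[SEC]);
    printf("checked parse: %d\n", overread_demo(1, &t));
    return 0;
}
```

The checked variants apply the two rules the advisory's fixes amount to: let the destination capacity, not the input, bound every write, and stop consuming input as soon as the template asks for a byte the caller did not supply. Rejecting rather than truncating is deliberate; a silently shortened conversion is itself a way to smuggle bad data past later validation.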

Solution(s)

  • redhat-upgrade-postgresql
  • redhat-upgrade-postgresql-contrib
  • redhat-upgrade-postgresql-devel
  • redhat-upgrade-postgresql-docs
  • redhat-upgrade-postgresql-jdbc
  • redhat-upgrade-postgresql-libs
  • redhat-upgrade-postgresql-odbc
  • redhat-upgrade-postgresql-perl
  • redhat-upgrade-postgresql-pl
  • redhat-upgrade-postgresql-python
  • redhat-upgrade-postgresql-server
  • redhat-upgrade-postgresql-tcl
  • redhat-upgrade-postgresql-test
  • redhat-upgrade-postgresql-tk
  • redhat-upgrade-postgresql72-libs
