Vulnerabilities > CVE-2009-0663 - Buffer Errors vulnerability in CMU Dbd::Pg 1.49
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0479.NASL description An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. (CVE-2009-0663) Note: After installing this update, pg_getline may return more data than specified by its second argument, as this argument will be ignored. This is consistent with current upstream behavior. Previously, the length limit (the second argument) was not enforced, allowing a buffer overflow. A memory leak flaw was found in the function performing the de-quoting of BYTEA type values acquired from a database. An attacker able to cause an application using perl-DBD-Pg to perform a large number of SQL queries returning BYTEA records, could cause the application to use excessive amounts of memory or, possibly, crash. (CVE-2009-1341) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains backported patches to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 38768 published 2009-05-14 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38768 title RHEL 5 : perl-DBD-Pg (RHSA-2009:0479) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:0479. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(38768); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:14"); script_cve_id("CVE-2009-0663", "CVE-2009-1341"); script_bugtraq_id(34755, 34757); script_xref(name:"RHSA", value:"2009:0479"); script_name(english:"RHEL 5 : perl-DBD-Pg (RHSA-2009:0479)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. (CVE-2009-0663) Note: After installing this update, pg_getline may return more data than specified by its second argument, as this argument will be ignored. This is consistent with current upstream behavior. Previously, the length limit (the second argument) was not enforced, allowing a buffer overflow. A memory leak flaw was found in the function performing the de-quoting of BYTEA type values acquired from a database. An attacker able to cause an application using perl-DBD-Pg to perform a large number of SQL queries returning BYTEA records, could cause the application to use excessive amounts of memory or, possibly, crash. (CVE-2009-1341) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains backported patches to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0663" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1341" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2009:0479" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-DBD-Pg package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-DBD-Pg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/30"); script_set_attribute(attribute:"patch_publication_date", value:"2009/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2009:0479"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"perl-DBD-Pg-1.49-2.el5_3.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"perl-DBD-Pg-1.49-2.el5_3.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"perl-DBD-Pg-1.49-2.el5_3.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-Pg"); } }NASL family SuSE Local Security Checks NASL id SUSE_PERL-DBD-PG-6227.NASL description This update of perl-DBD-Pg fixes a heap-based buffer overflow in function pg_db_getline() (CVE-2009-0663) and a denial of service bug that could be triggered remotely (CVE-2009-1341). last seen 2020-06-01 modified 2020-06-02 plugin id 39434 published 2009-06-17 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39434 title openSUSE 10 Security Update : perl-DBD-Pg (perl-DBD-Pg-6227) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update perl-DBD-Pg-6227. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(39434); script_version ("1.9"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2009-0663", "CVE-2009-1341"); script_name(english:"openSUSE 10 Security Update : perl-DBD-Pg (perl-DBD-Pg-6227)"); script_summary(english:"Check for the perl-DBD-Pg-6227 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of perl-DBD-Pg fixes a heap-based buffer overflow in function pg_db_getline() (CVE-2009-0663) and a denial of service bug that could be triggered remotely (CVE-2009-1341)." ); script_set_attribute( attribute:"solution", value:"Update the affected perl-DBD-Pg package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(119, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-DBD-Pg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2009/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.3", reference:"perl-DBD-Pg-1.49-76.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-Pg"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0479.NASL description From Red Hat Security Advisory 2009:0479 : An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. (CVE-2009-0663) Note: After installing this update, pg_getline may return more data than specified by its second argument, as this argument will be ignored. This is consistent with current upstream behavior. Previously, the length limit (the second argument) was not enforced, allowing a buffer overflow. A memory leak flaw was found in the function performing the de-quoting of BYTEA type values acquired from a database. An attacker able to cause an application using perl-DBD-Pg to perform a large number of SQL queries returning BYTEA records, could cause the application to use excessive amounts of memory or, possibly, crash. (CVE-2009-1341) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains backported patches to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67857 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67857 title Oracle Linux 5 : perl-DBD-Pg (ELSA-2009-0479) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:0479 and # Oracle Linux Security Advisory ELSA-2009-0479 respectively. # include("compat.inc"); if (description) { script_id(67857); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:08"); script_cve_id("CVE-2009-0663", "CVE-2009-1341"); script_bugtraq_id(34755, 34757); script_xref(name:"RHSA", value:"2009:0479"); script_name(english:"Oracle Linux 5 : perl-DBD-Pg (ELSA-2009-0479)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2009:0479 : An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. (CVE-2009-0663) Note: After installing this update, pg_getline may return more data than specified by its second argument, as this argument will be ignored. This is consistent with current upstream behavior. Previously, the length limit (the second argument) was not enforced, allowing a buffer overflow. A memory leak flaw was found in the function performing the de-quoting of BYTEA type values acquired from a database. An attacker able to cause an application using perl-DBD-Pg to perform a large number of SQL queries returning BYTEA records, could cause the application to use excessive amounts of memory or, possibly, crash. (CVE-2009-1341) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains backported patches to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2009-May/001005.html" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-dbd-pg package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-DBD-Pg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/30"); script_set_attribute(attribute:"patch_publication_date", value:"2009/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"perl-DBD-Pg-1.49-2.el5_3.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-Pg"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0479.NASL description An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. (CVE-2009-0663) Note: After installing this update, pg_getline may return more data than specified by its second argument, as this argument will be ignored. This is consistent with current upstream behavior. Previously, the length limit (the second argument) was not enforced, allowing a buffer overflow. A memory leak flaw was found in the function performing the de-quoting of BYTEA type values acquired from a database. An attacker able to cause an application using perl-DBD-Pg to perform a large number of SQL queries returning BYTEA records, could cause the application to use excessive amounts of memory or, possibly, crash. (CVE-2009-1341) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains backported patches to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 43747 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43747 title CentOS 5 : perl-DBD-Pg (CESA-2009:0479) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:0479 and # CentOS Errata and Security Advisory 2009:0479 respectively. # include("compat.inc"); if (description) { script_id(43747); script_version("1.13"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2009-0663", "CVE-2009-1341"); script_bugtraq_id(34755, 34757); script_xref(name:"RHSA", value:"2009:0479"); script_name(english:"CentOS 5 : perl-DBD-Pg (CESA-2009:0479)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. (CVE-2009-0663) Note: After installing this update, pg_getline may return more data than specified by its second argument, as this argument will be ignored. This is consistent with current upstream behavior. Previously, the length limit (the second argument) was not enforced, allowing a buffer overflow. A memory leak flaw was found in the function performing the de-quoting of BYTEA type values acquired from a database. An attacker able to cause an application using perl-DBD-Pg to perform a large number of SQL queries returning BYTEA records, could cause the application to use excessive amounts of memory or, possibly, crash. (CVE-2009-1341) All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains backported patches to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2009-May/015877.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f22144df" ); # https://lists.centos.org/pipermail/centos-announce/2009-May/015878.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a054125d" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-dbd-pg package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-DBD-Pg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/30"); script_set_attribute(attribute:"patch_publication_date", value:"2009/05/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"perl-DBD-Pg-1.49-2.el5_3.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-DBD-Pg"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1780.NASL description Two vulnerabilities have been discovered in libdbd-pg-perl, the DBI driver module for PostgreSQL database access (DBD::Pg). - CVE-2009-0663 A heap-based buffer overflow may allow attackers to execute arbitrary code through applications which read rows from the database using the pg_getline and getline functions. (More common retrieval methods, such as selectall_arrayref and fetchrow_array, are not affected.) - CVE-2009-1341 A memory leak in the routine which unquotes BYTEA values returned from the database allows attackers to cause a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 38202 published 2009-04-29 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38202 title Debian DSA-1780-1 : libdbd-pg-perl - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1780. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(38202); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2009-0663", "CVE-2009-1341"); script_xref(name:"DSA", value:"1780"); script_name(english:"Debian DSA-1780-1 : libdbd-pg-perl - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Two vulnerabilities have been discovered in libdbd-pg-perl, the DBI driver module for PostgreSQL database access (DBD::Pg). - CVE-2009-0663 A heap-based buffer overflow may allow attackers to execute arbitrary code through applications which read rows from the database using the pg_getline and getline functions. (More common retrieval methods, such as selectall_arrayref and fetchrow_array, are not affected.) - CVE-2009-1341 A memory leak in the routine which unquotes BYTEA values returned from the database allows attackers to cause a denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-0663" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1341" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1780" ); script_set_attribute( attribute:"solution", value: "Upgrade the libdbd-pg-perl package. For the old stable distribution (etch), these problems have been fixed in version 1.49-2+etch1. For the stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 2.1.3-1 before the release of lenny." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(119, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdbd-pg-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libdbd-pg-perl", reference:"1.49-2+etch1")) flag++; if (deb_check(release:"5.0", prefix:"libdbd-pg-perl", reference:"2.1.3-1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-344.NASL description Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg : Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns (CVE-2009-1341). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 43609 published 2009-12-29 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43609 title Mandriva Linux Security Advisory : perl-DBD-Pg (MDVSA-2009:344) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:344. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(43609); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:52"); script_cve_id("CVE-2009-0663", "CVE-2009-1341"); script_bugtraq_id(34755, 34757); script_xref(name:"MDVSA", value:"2009:344"); script_name(english:"Mandriva Linux Security Advisory : perl-DBD-Pg (MDVSA-2009:344)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities was discovered and corrected in perl-DBD-Pg : Heap-based buffer overflow in the DBD::Pg module for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns (CVE-2009-1341). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for these vulnerabilities." ); script_set_attribute( attribute:"solution", value:"Update the affected perl-DBD-Pg package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-DBD-Pg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"perl-DBD-Pg-1.49-2.1mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Scientific Linux Local Security Checks NASL id SL_20090513_PERL_DBD_PG_ON_SL5_X.NASL description A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. (CVE-2009-0663) Note: After installing this update, pg_getline may return more data than specified by its second argument, as this argument will be ignored. This is consistent with current upstream behavior. Previously, the length limit (the second argument) was not enforced, allowing a buffer overflow. A memory leak flaw was found in the function performing the de-quoting of BYTEA type values acquired from a database. An attacker able to cause an application using perl-DBD-Pg to perform a large number of SQL queries returning BYTEA records, could cause the application to use excessive amounts of memory or, possibly, crash. (CVE-2009-1341) Applications using perl-DBD-Pg must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60583 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60583 title Scientific Linux Security Update : perl-DBD-Pg on SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60583); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:18"); script_cve_id("CVE-2009-0663", "CVE-2009-1341"); script_name(english:"Scientific Linux Security Update : perl-DBD-Pg on SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Scientific Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. (CVE-2009-0663) Note: After installing this update, pg_getline may return more data than specified by its second argument, as this argument will be ignored. This is consistent with current upstream behavior. Previously, the length limit (the second argument) was not enforced, allowing a buffer overflow. A memory leak flaw was found in the function performing the de-quoting of BYTEA type values acquired from a database. An attacker able to cause an application using perl-DBD-Pg to perform a large number of SQL queries returning BYTEA records, could cause the application to use excessive amounts of memory or, possibly, crash. (CVE-2009-1341) Applications using perl-DBD-Pg must be restarted for the update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0905&L=scientific-linux-errata&T=0&P=1157 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?962a7132" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-DBD-Pg package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(119, 200); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"perl-DBD-Pg-1.49-2.el5_3.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
| accepted | 2013-04-29T04:19:48.489-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:9499 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. | ||||||||||||
| version | 18 |
Redhat
| advisories |
| ||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34755 CVE ID:CVE-2009-0663 DBD::Pg是一款用于PostgreSQL数据库访问的DBI驱动模块。 DBD::Pg存在基于堆的缓冲区溢出,远程攻击者可以利用漏洞执行任意代码。 使用pg_getline和getline函数可从数据库中读取行信息的应用程序可通过触发堆溢出而执行任意代码。 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 armel Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Debian系统可参考如下升级程序: Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> .orig.tar.gz Size/MD5 checksum: 147310 76b9d6a2f4cbaefcba23380f83998215 <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1.diff.gz Size/MD5 checksum: 7869 56a99e2007bf916001c3f25e666b5eb1 <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1.dsc Size/MD5 checksum: 1137 27572a9adacd09243cbc9a6cbd8b32cf amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_amd64.deb Size/MD5 checksum: 131228 f4c6b39a15df7b264e4fec6c84348a00 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_arm.deb Size/MD5 checksum: 125596 071c0261e3c53c0c58d7c49deda91c4d hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_hppa.deb Size/MD5 checksum: 136324 c523cf9f116595cf92087694018eeaeb i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_i386.deb Size/MD5 checksum: 128756 99639a5e94713216d7ab656569c3a1d9 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_ia64.deb Size/MD5 checksum: 155694 5cc52a6a7a2f20659a7c1a0a2202b4c9 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_mips.deb Size/MD5 checksum: 116780 da0d63d78a9b71edf49a49d9ca931887 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_mipsel.deb Size/MD5 checksum: 116568 e23a1521db5192b9029d67c8f05bfd8f powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_powerpc.deb Size/MD5 checksum: 131058 2dfd7e0569b0b712dcdc195788a86c9b s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_s390.deb Size/MD5 checksum: 123850 a42d01e742d27217d859c883c2a38ef1 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49 target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49</a> -2+etch1_sparc.deb Size/MD5 checksum: 129566 f4194cffcb723109eea117e1397d1e43 |
| id | SSV:5136 |
| last seen | 2017-11-19 |
| modified | 2009-04-30 |
| published | 2009-04-30 |
| reporter | Root |
| title | DBD::Pg 'pg_getline()'和'getline()'堆缓冲区溢出漏洞 |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://secunia.com/advisories/34909
- http://secunia.com/advisories/35058
- http://secunia.com/advisories/35685
- http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
- http://www.debian.org/security/2009/dsa-1780
- http://www.redhat.com/support/errata/RHSA-2009-0479.html
- http://www.redhat.com/support/errata/RHSA-2009-1067.html
- http://www.securityfocus.com/bid/34755
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50467
- https://launchpad.net/bugs/cve/2009-0663
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499