Vulnerabilities > CVE-2009-0922 - Resource Management Errors vulnerability in Postgresql
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. Per: https://bugzilla.redhat.com/show_bug.cgi?id=488156 "PostgreSQL allows remote authenticated users to cause a momentary denial of service (crash due to stack consumption) when there is a failure to convert a localized error message to the client-specified encoding. In releases 8.3.6, 8.2.12, 8.1.16. 8.0.20, and 7.4.24, a trivial misconfiguration is sufficient to provoke a crash. In older releases it is necessary to select a locale and client encoding for which specific messages fail to translate, and so a given installation may or may not be vulnerable depending on the administrator-determined locale setting. Releases 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 are secure against all known variants of this issue."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | PostgreSQL 8.3.6 Conversion Encoding Remote Denial of Service Vulnerability. CVE-2009-0922. Dos exploit for linux platform |
| id | EDB-ID:32849 |
| last seen | 2016-02-03 |
| modified | 2009-03-11 |
| published | 2009-03-11 |
| reporter | Afonin Denis |
| source | https://www.exploit-db.com/download/32849/ |
| title | PostgreSQL <= 8.3.6 - Conversion Encoding Remote Denial of Service Vulnerability |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_123591.NASL description SunOS 5.10_x86: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 This plugin has been deprecated and either replaced with individual 123591 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 24849 published 2007-03-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24849 title Solaris 10 (x86) : 123591-12 (deprecated) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-22.NASL description The remote host is affected by the vulnerability described in GLSA-201110-22 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the last seen 2020-06-01 modified 2020-06-02 plugin id 56626 published 2011-10-25 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56626 title GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS10_138826.NASL description SunOS 5.10: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138826 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39555 published 2009-06-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39555 title Solaris 10 (sparc) : 138826-12 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_123590-12.NASL description SunOS 5.10: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107391 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107391 title Solaris 10 (sparc) : 123590-12 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_138827.NASL description SunOS 5.10_x86: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 This plugin has been deprecated and either replaced with individual 138827 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39558 published 2009-06-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39558 title Solaris 10 (x86) : 138827-12 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_11_POSTGRESQL-090324.NASL description Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding. (CVE-2009-0922) last seen 2020-06-01 modified 2020-06-02 plugin id 41450 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41450 title SuSE 11 Security Update : PostgreSQL (SAT Patch Number 674) NASL family Solaris Local Security Checks NASL id SOLARIS10_136998.NASL description SunOS 5.10: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 136998 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 30169 published 2008-02-05 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30169 title Solaris 10 (sparc) : 136998-10 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_123591-12.NASL description SunOS 5.10_x86: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107893 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107893 title Solaris 10 (x86) : 123591-12 NASL family Solaris Local Security Checks NASL id SOLARIS10_138826-12.NASL description SunOS 5.10: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 last seen 2020-06-01 modified 2020-06-02 plugin id 107507 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107507 title Solaris 10 (sparc) : 138826-12 NASL family SuSE Local Security Checks NASL id SUSE9_12383.NASL description Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding. (CVE-2009-0922) last seen 2020-06-01 modified 2020-06-02 plugin id 41288 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41288 title SuSE9 Security Update : PostgreSQL (YOU Patch Number 12383) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-753-1.NASL description It was discovered that PostgreSQL did not properly handle encoding conversion failures. An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37152 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37152 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : postgresql-8.1, postgresql-8.3 vulnerability (USN-753-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_136999.NASL description SunOS 5.10_x86: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 136999 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 30175 published 2008-02-05 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=30175 title Solaris 10 (x86) : 136999-10 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_136999-10.NASL description SunOS 5.10_x86: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107978 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107978 title Solaris 10 (x86) : 136999-10 NASL family SuSE Local Security Checks NASL id SUSE_11_1_POSTGRESQL-090324.NASL description Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding (CVE-2009-0922). last seen 2020-06-01 modified 2020-06-02 plugin id 40299 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40299 title openSUSE Security Update : postgresql (postgresql-675) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_138827-12.NASL description SunOS 5.10_x86: PostgreSQL 8.3 core patch. Date this patch was last updated by Sun : Mar/29/13 last seen 2020-06-01 modified 2020-06-02 plugin id 108005 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108005 title Solaris 10 (x86) : 138827-12 NASL family Fedora Local Security Checks NASL id FEDORA_2009-2959.NASL description Update to PostgreSQL 8.3.7, for various fixes described at http://www.postgresql.org/docs/8.3/static/release-8-3-7.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36811 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36811 title Fedora 10 : postgresql-8.3.7-1.fc10 (2009-2959) NASL family SuSE Local Security Checks NASL id SUSE_POSTGRESQL-6115.NASL description Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding (CVE-2009-0922). last seen 2020-06-01 modified 2020-06-02 plugin id 36169 published 2009-04-16 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36169 title openSUSE 10 Security Update : postgresql (postgresql-6115) NASL family Scientific Linux Local Security Checks NASL id SL_20091007_POSTGRESQL_ON_SL3_X.NASL description CVE-2009-0922 postgresql: potential DoS due to conversion functions CVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for CVE-2007-6600 It was discovered that the upstream patch for CVE-2007-6600 included in the Scientific Linux did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922) Note: For Scientific Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Scientific Linux 5, this update upgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html http://www.postgresql.org/docs/8.1/static/release.html If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 60675 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60675 title Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_0_POSTGRESQL-090324.NASL description Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding (CVE-2009-0922). last seen 2020-06-01 modified 2020-06-02 plugin id 40113 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40113 title openSUSE Security Update : postgresql (postgresql-675) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1484.NASL description From Red Hat Security Advisory 2009:1484 : Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922) Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users should upgrade to these updated packages, which resolve these issues. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 67936 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67936 title Oracle Linux 4 / 5 : postgresql (ELSA-2009-1484) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-079.NASL description PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests (CVE-2009-0922). This update provides a fix for this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 37346 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37346 title Mandriva Linux Security Advisory : postgresql (MDVSA-2009:079) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1484.NASL description Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922) Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users should upgrade to these updated packages, which resolve these issues. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 43800 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43800 title CentOS 4 / 5 : postgresql (CESA-2009:1484) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1484.NASL description Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced object-relational database management system (DBMS). It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges. (CVE-2009-3230) A flaw was found in the way PostgreSQL handled encoding conversion. A remote, authenticated user could trigger an encoding conversion failure, possibly leading to a temporary denial of service. Note: To exploit this issue, a locale and client encoding for which specific messages fail to translate must be selected (the availability of these is determined by an administrator-defined locale setting). (CVE-2009-0922) Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a list of changes : http://www.postgresql.org/docs/7.4/static/release.html http://www.postgresql.org/docs/8.1/static/release.html All PostgreSQL users should upgrade to these updated packages, which resolve these issues. If the postgresql service is running, it will be automatically restarted after installing this update. last seen 2020-06-01 modified 2020-06-02 plugin id 42064 published 2009-10-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42064 title RHEL 4 / 5 : postgresql (RHSA-2009:1484) NASL family SuSE Local Security Checks NASL id SUSE_POSTGRESQL-6114.NASL description Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding. (CVE-2009-0922) last seen 2020-06-01 modified 2020-06-02 plugin id 41579 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41579 title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6114) NASL family Solaris Local Security Checks NASL id SOLARIS10_123590.NASL description SunOS 5.10: PostgreSQL patch. Date this patch was last updated by Sun : Jan/14/10 This plugin has been deprecated and either replaced with individual 123590 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 24845 published 2007-03-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24845 title Solaris 10 (sparc) : 123590-12 (deprecated) NASL family Fedora Local Security Checks NASL id FEDORA_2009-2927.NASL description Update to PostgreSQL 8.3.7, for various fixes described at http://www.postgresql.org/docs/8.3/static/release-8-3-7.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35995 published 2009-03-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35995 title Fedora 9 : postgresql-8.3.7-1.fc9 (2009-2927) NASL family Solaris Local Security Checks NASL id SOLARIS10_136998-10.NASL description SunOS 5.10: PostgreSQL 8.2 core patch. Date this patch was last updated by Sun : Jun/09/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107480 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107480 title Solaris 10 (sparc) : 136998-10
Oval
accepted 2013-04-29T04:09:32.967-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. family unix id oval:org.mitre.oval:def:10874 status accepted submitted 2010-07-09T03:56:16-04:00 title PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. version 27 accepted 2009-09-07T04:00:13.826-04:00 class vulnerability contributors name Pai Peng organization Hewlett-Packard definition_extensions comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926
description PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests. family unix id oval:org.mitre.oval:def:6252 status accepted submitted 2009-07-28T11:46:34.000-04:00 title Security Vulnerability in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS) version 35
Redhat
| advisories |
| ||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34090 CVE(CAN) ID: CVE-2009-0922 PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL处理转换编码时存在栈溢出漏洞,通过认证的用户可以通过提交特制的SQL查询请求在一段时间期间杀死到PostgreSQL服务器的连接,中断其他用户和客户端的事务处理。 PostgreSQL 8.3.6 厂商补丁: PostgreSQL ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.postgresql.org target=_blank rel=external nofollow>http://www.postgresql.org</a> |
| id | SSV:4928 |
| last seen | 2017-11-19 |
| modified | 2009-03-19 |
| published | 2009-03-19 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-4928 |
| title | PostgreSQL转换编码远程拒绝服务漏洞 |
Statements
| contributor | Tomas Hoger |
| lastmodified | 2009-10-08 |
| organization | Red Hat |
| statement | This issue has been addressed in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-1484.html and in Red Hat Application Stack v2 via: https://rhn.redhat.com/errata/RHSA-2009-1067.html |
References
- http://archives.postgresql.org//pgsql-bugs/2009-02/msg00176.php
- http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517405
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
- http://marc.info/?l=bugtraq&m=134124585221119&w=2
- http://secunia.com/advisories/34453
- http://secunia.com/advisories/35100
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-258808-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020455.1-1
- http://wiki.rpath.com/Advisories:rPSA-2009-0086
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:079
- http://www.openwall.com/lists/oss-security/2009/03/11/4
- http://www.postgresql.org/about/news.1065
- http://www.redhat.com/support/errata/RHSA-2009-1067.html
- http://www.securityfocus.com/archive/1/503598/100/0/threaded
- http://www.securityfocus.com/bid/34090
- http://www.securitytracker.com/id?1021860
- http://www.vupen.com/english/advisories/2009/0767
- http://www.vupen.com/english/advisories/2009/1316
- https://bugzilla.redhat.com/show_bug.cgi?id=488156
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10874
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6252
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00810.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00843.html