A stack-based buffer overflow flaw was found in the way the
PostgreSQL Object-Relational database management system (DBMS)
processed certain tokens from an SQL query when the intarray
module was enabled on the particular database. An authenticated
database user, running a specially-crafted SQL query against a
database on which the intarray module was enabled, could use this
flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the
privileges of the database server.
Flaw exploitation requirement:
==============================
For this flaw to be exploited successfully, the intarray
PostgreSQL module must be enabled on the particular database or
in general (for all databases). The intarray module is not
enabled by default in the postgresql package installation, as
shipped with Red Hat Enterprise Linux or Fedora.
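Because the vulnerable code path is only reachable where intarray is loaded, the first thing an administrator will want is a way to tell, per database, whether the module is present. The following queries are an added example and are not part of this advisory or of the PostgreSQL project; they assume the catalog names intarray's own SQL script creates (the query_int data type and its input function bqarr_in) and work on the 8.x releases covered here, which predate CREATE EXTENSION and pg_extension.

```sql
-- Added check (not from the advisory): is intarray loaded in the
-- database you are currently connected to?  The module's install
-- script creates the type query_int, whose input function is
-- bqarr_in, so looking the type up in pg_type is a reliable signal.
SELECT n.nspname AS schema_name,
       t.typname AS type_name,
       p.proname AS input_function
FROM   pg_type t
JOIN   pg_namespace n ON n.oid = t.typnamespace
LEFT JOIN pg_proc p   ON p.oid = t.typinput::oid
WHERE  t.typname = 'query_int';
-- No rows: intarray is not loaded here and the flaw is unreachable
-- in this database.  One row: intarray is enabled and this
-- database is affected until the updated package is installed.

-- Repeat the check in every connectable database, template1
-- included: a module loaded into template1 is copied into each
-- database created afterwards, which is the "in general (for all
-- databases)" case described above.
SELECT datname
FROM   pg_database
WHERE  datallowconn
ORDER BY datname;
```

Run the first query with psql while connected to each database name returned by the second (for example `psql -d <dbname> -f check.sql`); the results tell you which databases actually expose the affected module so the update can be prioritised accordingly.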
References:
-----------
[1] http://www.postgresql.org/docs/current/static/intarray.html
[2] http://www.postgresql.org/docs/current/static/contrib.html
Acknowledgements:
Red Hat would like to thank Geoff Keating of the Apple Product Security
team for reporting this issue.
This issue affects the versions of the postgresql package, as shipped
with Red Hat Enterprise Linux 4, 5, and 6.
This issue affects the version of the postgresql84 package, as shipped
with Red Hat Enterprise Linux 5.
--
This issue affects the versions of the postgresql package, as shipped
with Fedora releases 13 and 14.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2011:0197 https://rhn.redhat.com/errata/RHSA-2011-0197.html