152581 – CAN-2002-1642 postgresql VACUUM DoS

Bug 152581 - CAN-2002-1642 postgresql VACUUM DoS

Summary: CAN-2002-1642 postgresql VACUUM DoS

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	postgresql
Sub Component:
Version:	2.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tom Lane
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:	impact=moderate,public=20021003,sourc...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-03-30 14:52 UTC by Josh Bressers
Modified:	2013-07-03 03:04 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-03-30 18:19:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Josh Bressers 2005-03-30 14:52:21 UTC

PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log
(pg_clog) data and cause a denial of service (data loss) via the VACUUM command.

Additional information is here:
http://archives.postgresql.org/pgsql-announce/2002-10/msg00000.php

Comment 1 Josh Bressers 2005-03-30 14:53:05 UTC

Tom,

Can you take a look at this issue and let me know if we're vulnerable.  I've not
verified it one way of the other.

Comment 2 Tom Lane 2005-03-30 18:19:31 UTC

AFAIK Red Hat has never shipped Postgres 7.2.anything --- we went from 7.1.* to
7.3.*.  Certainly 2.1AS is still using 7.1.3.  (No, this issue doesn't apply to
PG 7.1.*.)

Note You need to log in before you can comment on or make changes to this bug.