A stack-based buffer overflow flaw was found in the way the PostgreSQL Object-Relational database management system (DBMS) processed certain tokens from a SQL query when the intarray module was enabled on the particular database. An authenticated database user running a specially-crafted SQL query against such a database could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server.

Flaw exploitation requirement:
==============================

Successful exploitation of this flaw requires the intarray PostgreSQL module to be enabled on the particular database, or in general (for all databases). The intarray module is not enabled by default in the postgresql package installation as shipped with Red Hat Enterprise Linux or Fedora.

References:
-----------
[1] http://www.postgresql.org/docs/current/static/intarray.html
[2] http://www.postgresql.org/docs/current/static/contrib.html

Acknowledgements:

Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue.
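The following is an added illustration of the flaw class described above, written for this page: a token parser that copies the digits of an integer operand into a fixed-size stack buffer, shown first without a bound (the overflow pattern) and then with the copy bounded and overlong tokens rejected. It is not PostgreSQL's intarray code; the buffer size, function names and input strings are constructed for the example.

```c
/*
 * Constructed example (not PostgreSQL/intarray source): parsing an integer
 * operand out of a query string into a fixed-size stack buffer.
 *
 * parse_int_token_unsafe() copies digits with no bound check, so a digit run
 * of TOKBUF or more characters writes past the end of buf[] on the stack.
 * parse_int_token_safe() bounds the copy, leaves room for the terminating
 * NUL, and treats an overlong run as a malformed token instead of truncating.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define TOKBUF 16   /* constructed size, kept small so the limit is visible */

/* Returns the number of bytes consumed, or -1 if no digits were present. */
int parse_int_token_unsafe(const char *in, long *val)
{
    char buf[TOKBUF];
    size_t n = 0;

    /* Vulnerable: no comparison of n against sizeof(buf). */
    while (in[n] >= '0' && in[n] <= '9') {
        buf[n] = in[n];          /* out-of-bounds write once n >= TOKBUF */
        n++;
    }
    if (n == 0)
        return -1;
    buf[n] = '\0';               /* also out of bounds for a long run */
    *val = strtol(buf, NULL, 10);
    return (int)n;
}

/* Returns the number of bytes consumed, or -1 on a malformed/overlong token. */
int parse_int_token_safe(const char *in, long *val)
{
    char buf[TOKBUF];
    size_t n = 0;

    while (in[n] >= '0' && in[n] <= '9') {
        if (n >= TOKBUF - 1)     /* keep one byte for the NUL terminator */
            return -1;           /* reject the token rather than overflow */
        buf[n] = in[n];
        n++;
    }
    if (n == 0)
        return -1;
    buf[n] = '\0';
    errno = 0;
    *val = strtol(buf, NULL, 10);
    if (errno == ERANGE)         /* digits fit the buffer but not a long */
        return -1;
    return (int)n;
}

int main(void)
{
    /* Constructed inputs: a normal operand and an overlong digit run. */
    const char *ok = "123&456";
    const char *overlong = "11111111111111111111&1";
    long v = 0;

    printf("safe(\"%s\") -> %d (value %ld)\n", ok,
           parse_int_token_safe(ok, &v), v);
    printf("safe(\"%s\") -> %d (rejected)\n", overlong,
           parse_int_token_safe(overlong, &v));
    /* parse_int_token_unsafe(overlong, &v) would smash the stack here. */
    return 0;
}
```

The hardened parser fails closed: a token longer than the buffer is reported as a parse error to the caller, which is the behaviour a database server wants for untrusted query text, rather than silently truncating the number to a different value.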
This issue affects the versions of the postgresql package as shipped with Red Hat Enterprise Linux 4, 5, and 6.

This issue affects the version of the postgresql84 package as shipped with Red Hat Enterprise Linux 5.

--

This issue affects the versions of the postgresql package as shipped with Fedora 13 and 14.
Public via:

[1] http://www.postgresql.org/support/security.html
Created postgresql tracking bugs for this issue

Affects: fedora-all [bug 674296]
This issue has been addressed in the following products:

Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6

Via RHSA-2011:0197 https://rhn.redhat.com/errata/RHSA-2011-0197.html
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2011:0198 https://rhn.redhat.com/errata/RHSA-2011-0198.html