Bug 801733 - (CVE-2012-1151) CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20120227,repor...
: Security
Depends On: 841129 841130 841131 841132 841133
Blocks: 801749
Reported: 2012-03-09 05:00 EST by Jan Lieskovsky
Modified: 2015-11-24 10:07 EST
Doc Type: Bug Fix
Last Closed: 2012-07-25 13:18:44 EDT
Description Jan Lieskovsky 2012-03-09 05:00:32 EST
Two format string flaws were found in the way perl-DBD-Pg, a Perl language PostgreSQL DBI implementation, performed:
1) turning of database notices into appropriate Perl language warning messages,
2) preparation of particular DBD statement.

A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which, once processed by the perl-DBD-Pg interface, would lead to a perl-DBD-Pg based process crash.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536

CPAN ticket:
[2] https://rt.cpan.org/Public/Bug/Display.html?id=75642

Patch proposed by Niko Tyni:
[3] https://rt.cpan.org/Ticket/Attachment/1047954/547725/0001-Explicitly-warn-and-croak-with-controlled-format-str.patch
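
The first flaw in the description (a server notice used as the format string of a printf-style warning call), shown as an added C example that is not DBD::Pg's code or the proposed patch. `warn_fmt`, `notice_to_warning_flawed`, `notice_to_warning_fixed` and `has_format_directive` are hypothetical names, and the notice text is a constructed sample.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style warning routine; it formats
   into a buffer so the result can be inspected. */
static char last_warning[256];

void warn_fmt(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_warning, sizeof last_warning, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: server-supplied text is the format string. A conversion
   directive in the notice makes the formatter fetch arguments that were
   never passed: undefined behaviour, typically a crash. */
void notice_to_warning_flawed(const char *server_notice)
{
    warn_fmt(server_notice);
}

/* Corrected pattern: constant format, notice passed purely as data. */
const char *notice_to_warning_fixed(const char *server_notice)
{
    warn_fmt("%s", server_notice);
    return last_warning;
}

/* Review aid: returns 1 if the text contains a conversion directive
   (any '%' that is not part of a literal "%%"). */
int has_format_directive(const char *s)
{
    while ((s = strchr(s, '%')) != NULL) {
        if (s[1] != '%') return 1;
        s += 2;
    }
    return 0;
}

int main(void)
{
    const char *notice = "NOTICE: 100%s"; /* constructed sample */
    printf("directive present: %d\n", has_format_directive(notice));
    printf("fixed path emits:  %s\n", notice_to_warning_fixed(notice));
    return 0;
}
```

Only the fixed path is exercised in `main`; the flawed function is kept for side-by-side comparison and is safe only for text without directives.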
Comment 1 Jan Lieskovsky 2012-03-09 05:26:24 EST
This issue affects the versions of the perl-DBD-Pg package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the perl-DBD-Pg package, as shipped with Fedora releases 15 and 16.

--

This issue affects the version of the perl-DBD-Pg package, as shipped with Red Hat Application Stack-v2.
Comment 2 Jan Lieskovsky 2012-03-09 06:11:50 EST
CVE request:
[4] http://www.openwall.com/lists/oss-security/2012/03/09/6
Comment 3 Kurt Seifried 2012-03-10 01:11:24 EST
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/10/4
Comment 4 Huzaifa S. Sidhpurwala 2012-07-02 04:51:46 EDT
The warn() function is not protected by fortify source format string protections (read bug 836931), hence assuming that format string exploitation can cause ACE.
Comment 8 Huzaifa S. Sidhpurwala 2012-07-18 04:47:19 EDT
Created perl-DBD-Pg tracking bugs for this issue

Affects: fedora-all [bug 841133]
Comment 10 errata-xmlrpc 2012-07-25 12:58:34 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:1116 https://rhn.redhat.com/errata/RHSA-2012-1116.html