Bug 81244 - Multiple Postgresql Security Vulnerabilities
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: postgresql
Version: 2.1
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Andrew Overholt
QA Contact: David Lawrence
Keywords: Security
Reported: 2003-01-06 19:17 EST by Andrew Overholt
Modified: 2007-11-30 17:06 EST
Doc Type: Bug Fix
Last Closed: 2003-01-23 13:27:09 EST

Attachments
Backpatch of fixes from PostgreSQL 7.2.2, 7.2.3, and 7.3 (8.75 KB, patch)
2003-01-06 19:18 EST, Andrew Overholt

Description Andrew Overholt 2003-01-06 19:17:20 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020913

Description of problem:
Quoted from the PostgreSQL site:

"Due to recent security vulnerabilities reported on BugTraq, concerning several
buffer overruns found in PostgreSQL, the PostgreSQL Global Development Team
today released v7.2.2 of PostgreSQL that fixes these vulnerabilities.

The following buffer overruns have been identified and addressed:

    * in handling long datetime input
    * in repeat()
    * in lpad() and rpad() with multibyte
    * in SET TIME ZONE and TZ env var"

The version of PostgreSQL that was shipped with Red Hat Linux Advanced Server
2.1 was vulnerable to these buffer overruns.  The multibyte code that can be
exploited was not added until PostgreSQL 7.2, but it is part of my attached
patch nonetheless.

Other URLs with information on these multiple vulnerabilities include:

http://lwn.net/Articles/8445/
http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644
http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430
http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821
http://marc.theaimsgroup.com/?l=postgresql-general&m=102995302604086
http://online.securityfocus.com/archive/1/288334
http://online.securityfocus.com/archive/1/288305
http://online.securityfocus.com/archive/1/288036 

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. a. $ pgsql -U template1
1. b. template1=# select repeat('xxx',1431655765);
2. a. $ pgsql -U template1
2. b. template1=# select cash_words('-700000000000000000000000000000');

Actual Results:  1. pqReadData() -- backend closed the channel unexpectedly.
        This probably means the backend terminated abnormally
        before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
!#

2. pqReadData() -- backend closed the channel unexpectedly.
        This probably means the backend terminated abnormally
        before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
!#

Expected Results:
1. ERROR:  Requested buffer is too large.

2.
                                                     cash_words
--------------------------------------------------------------------------------------------------------------------
 Minus twenty one million four hundred seventy four thousand eight hundred thirty six dollars and forty eight cents
(1 row)

Additional info:
Comment 1 Andrew Overholt 2003-01-06 19:18:43 EST
Created attachment 89177
Backpatch of fixes from PostgreSQL 7.2.2, 7.2.3, and 7.3

This is the proposed backpatch of the fixes from more recent versions of
PostgreSQL as provided by the PostgreSQL Global Development Group.
Comment 2 Andrew Overholt 2003-01-23 13:27:09 EST
Erratum pushed.  Closing.
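
Added example (not part of the bug report, the attached patch, or PostgreSQL's source): the arithmetic behind step 1, assuming the result size is computed as a 4-byte header plus slen * count in 32-bit integers. HDRSZ, MAX_ALLOC and both function names are hypothetical. It contrasts a size computation that wraps with a division-based check that yields the expected "Requested buffer is too large." error.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define HDRSZ     4u           /* assumed per-value length header, in bytes */
#define MAX_ALLOC 0x3fffffffu  /* assumed upper bound on a single allocation */

/* Unchecked: header + slen * count in 32-bit arithmetic, which wraps mod 2^32. */
static uint32_t repeat_size_unchecked(uint32_t slen, uint32_t count)
{
    return HDRSZ + slen * count;
}

/* Checked: divide instead of multiply so the test itself cannot wrap.
 * Returns 0 and stores the size in *out, or -1 if the request is too large. */
static int repeat_size_checked(uint32_t slen, uint32_t count, uint32_t *out)
{
    if (slen != 0 && count > (MAX_ALLOC - HDRSZ) / slen)
        return -1;
    *out = HDRSZ + slen * count;
    return 0;
}

int main(void)
{
    /* Values from step 1 of the report: repeat('xxx',1431655765) */
    uint32_t slen = 3, count = 1431655765u;
    uint32_t size = 0;

    /* 3 * 1431655765 = 4294967295 = 2^32 - 1; adding the header wraps to 3. */
    printf("unchecked size: %" PRIu32 " bytes for %" PRIu64 " bytes of data\n",
           repeat_size_unchecked(slen, count), (uint64_t)slen * count);

    if (repeat_size_checked(slen, count, &size) != 0)
        puts("checked: ERROR:  Requested buffer is too large.");
    return 0;
}
```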
