A denial of service flaw was found in the way command switch parsing logic of PostgreSQL, an advanced Object-Relational database management system, processed certain database names (a database name beginning with '-' character was interpreted as it if were a command line switch for a standalone backend). A remote attacker could issue a specially-crafted SQL query that, when processed by the PostgreSQL server would lead to unauthorized modification of the server's configuration file or attacker's ability to replace server's critical database / table with a junk file (of their choose), during the server's crash recovery process (denial of service).
This issue does NOT affect the version of the postgresql package, as shipped with Red Hat Enterprise Linux 5. -- This issue does NOT affect the version of the postgresql84 package, as shipped with Red Hat Enterprise Linux 5. -- This issue does NOT affect the version of the postgresql package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the postgresql package, as shipped with Fedora release of 17 and 18.
Acknowledgements: Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Mitsumasa Kondo and Kyotaro Horiguchi as the original issue reporters.
Statement: Not Vulnerable. This issue does not affect the version of postgresql as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of postgresql84 as shipped with Red Hat Enterprise Linux 5.
Created postgresql tracking bugs for this issue Affects: fedora-all [bug 948312]
Upstream announcement: http://www.postgresql.org/about/news/1456/
postgresql-9.2.4-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
postgresql-9.1.9-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Upstream FAQ for this issue: http://www.postgresql.org/support/security/faq/2013-04-04/
Upstream commit: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=17fe2793ea7fe269ed616cb305150b6cf38dbaa8
LWN article related to this issue, from Josh Berkus is of the PostgreSQL Core Team: https://lwn.net/Articles/546550/
Metasploit scanner to identify vulnerable PostgreSQL versions: http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/scanner/postgres/postgres_dbname_flag_injection.rb
Third party analysis of the issue (and possible consequences): http://blog.blackwinghq.com/2013/04/08/2/
postgresql-9.2.4-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.