From d0e01d69d3e8ef4d078fadc45394fd476aa5f576 Mon Sep 17 00:00:00 2001 From: Remko Lodder Date: Sun, 13 Aug 2006 15:25:17 +0000 Subject: Document postgresql -- multiple vulnerabilities. These are all older vulnerabilities which had not yet been documented by the Security Team. Also fix a minor mistake in an older PostgreSQL entry. --- security/vuxml/vuln.xml | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) (limited to 'security/vuxml/vuln.xml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a259d44909ae..9e8033697217 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,48 @@ Note: Please add new entries to the beginning of this file. --> + + postgresql -- multiple vulnerabilities + + + postgresql + postgresql-server + ja-postgresql + 7.27.2.7 + 7.37.3.9 + 7.47.4.7 + 8.0.08.0.1 + + + + +

Multiple vulnerabilities had been reported in various + versions of PostgreSQL:

+
    +
  • The EXECUTE restrictions can be bypassed by using the + AGGREGATE function, which is missing a permissions check.
  • +
  • A buffer overflow exists in gram.y which could allow an + attacker to execute arbitrary code by sending a large + number of arguments to a refcursor function, found in + gram.y
  • +
  • The intagg contributed module allows an attacker to crash + the server (Denial of Service) by constructing a malicious + crafted array.
  • +
+ +
+ + CVE-2005-0244 + CVE-2005-0245 + CVE-2005-0246 + http://secunia.com/advisories/12948 + + + 2005-02-01 + 2006-08-13 + +
+ mysql -- format string vulnerability @@ -4155,7 +4197,7 @@ Note: Please add new entries to the beginning of this file. postgresql-server - 8.1.0.8.1.3 + 8.1.08.1.3 -- cgit v1.2.3
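Review bot: In the description of the new postgresql entry (first hunk), the second bullet names the file twice ("A buffer overflow exists in gram.y ... found in gram.y") and is the only bullet without a closing period. Drop the trailing "found in gram.y" clause and end the sentence with a period. In the third bullet, "a malicious crafted array" should read "a maliciously crafted array". The opening "had been reported" would read better as "have been reported", matching the present tense of the bullets.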
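Review bot: The one-line range correction in the second hunk (@@ -4155,7 +4197,7 @@, "8.1.0.8.1.3" to "8.1.08.1.3") changes which installed versions an existing entry matches, yet nothing else in that entry is touched, so its dates stay as they were. Consider recording a modified date on that entry in the same commit so the correction is visible to anyone consuming vuln.xml. The commit message could also name the corrected entry rather than "an older PostgreSQL entry", since this change is bundled with an unrelated new entry.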