Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL

From: Florian Weimer (Weimer@CERT.Uni-Stuttgart.DE)
Date: Tue Aug 20 2002 - 22:43:23 CEST


Sir Mordred The Traitor <mordred@s-mail.com> writes:

> --[ Solution
>
> Are you still running postgresql? ...Can't believe that...
> If so, execute the following command as root: "killall -9 postmaster",
> and wait until the patch is available.

There's no need for such drastic action. Executing

DROP FUNCTION "repeat" (text, integer);

as the PostgreSQL superuser (usually "postgres") is sufficient in this
case. Most installations won't ever need this procedure anyway.

By the way: This bug is very similar to the xdr_array/calloc/new[] bug
(see e.g. http://cert.uni-stuttgart.de/advisories/calloc.php).

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
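
The xdr_array/calloc/new[] bug class mentioned in the message above is an integer overflow in a count-times-size allocation computation. The following C sketch is an added example, not code from the message or from PostgreSQL; the function names and the 32-bit length type are assumptions. It shows the unchecked size computation wrapping around, next to a version that rejects the request before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked: 32-bit arithmetic wraps silently, so a huge request can
 * yield a tiny allocation size (hypothetical helper). */
uint32_t unchecked_size(uint32_t len, uint32_t count)
{
    return len * count + 1;            /* +1 for the terminating NUL */
}

/* Checked: returns 0 and stores the size, or -1 if len*count+1 would
 * not fit in 32 bits (hypothetical helper). */
int checked_size(uint32_t len, uint32_t count, uint32_t *out)
{
    if (count != 0 && len > (UINT32_MAX - 1) / count)
        return -1;
    *out = len * count + 1;
    return 0;
}

/* repeat() built on the checked size: returns a malloc'ed string,
 * or NULL when the request is too large or allocation fails. */
char *repeat_checked(const char *s, uint32_t count)
{
    size_t len = strlen(s);
    uint32_t total;

    if (len > UINT32_MAX || checked_size((uint32_t)len, count, &total) != 0)
        return NULL;
    char *buf = malloc(total);
    if (buf == NULL)
        return NULL;
    for (uint32_t i = 0; i < count; i++)
        memcpy(buf + (size_t)i * len, s, len);
    buf[total - 1] = '\0';
    return buf;
}

int main(void)
{
    uint32_t t;
    /* Constructed inputs: 65536 * 65536 wraps to 0 in 32 bits. */
    printf("unchecked size: %u\n", (unsigned)unchecked_size(0x10000u, 0x10000u));
    printf("checked result: %d\n", checked_size(0x10000u, 0x10000u, &t));
    char *r = repeat_checked("ab", 3);
    printf("repeat: %s\n", r ? r : "(rejected)");
    free(r);
    return 0;
}
```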


