Users login

Create an account »


Users login

Home » Hacking News » CLA-2002:524-postgresql


by Nikola Strahija on September 20th, 2002 Postgresql[1] is a sophisticated relational database which supports almost all SQL constructs, including subselects, transactions and user-defined types and functions.

Mordred Labs announced[3][4][5] several
vulnerabilities in the postgresql database:
- buffer overflow in the rpad() and lpad() functions;
- buffer overflow in the repeat() function;
- buffer overflow in the cash_words() function;

Other vulnerabilities were also fixed[2] by the postgresql
- buffer overflow in functions dealing with date/time and timezone;
- more buffer overflows, this time in the circle_poly(),
path_encode() and path_addr() functions, reported again by
. Fixes for these overflows are available only in
CVS[6] at this time and were not included in the official 7.2.2
release, but are included in this update. Thanks to Martin Schulze
for alerting us about these last-minute fixes.

In order to exploit any of these vulnerabilities, it is necessary for
the attacker to be able to query the database somehow. Some scenarios
where this could happen:
- the attacker already has an account in the database server and can
execute queries;
- for example, web applications which query the database but do not
adequately filter form or URL data and are vulnerable to SQL command

Whatever the scenario is, it is not possible to directly obtain root
privileges through these vulnerabilities, because the postgresql
service runs as a non-root user specifically created for it. But it
is likely possible to compromise the data in the database and/or
execute other attacks after exploring the above vulnerabilities.

It is recommended that all postgresql users upgrade their packages.

Conectiva Linux 8 was shipped with postgresql 7.2.1, and this update
upgrades the packages to version 7.2.2. According to the authors,
there is no need to dump the database before upgrading 7.2.1 to
7.2.2. However, this is a recommended practice with every upgrade.
Conectiva Linux 7.0 and 6.0 have older versions which have been
patched instead to fix these vulnerabilities.

IMPORTANT: please restart the service after the upgrade if it was
already running. To do so, execute, as root:

/sbin/service postgresql restart




Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):

rpm [cncbr] 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples
can be found at

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
Instructions on how to check the signatures of the RPM packages can be
found at
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at

- -------------------------------------------------------------------------
subscribe: [email protected]
unsubscribe: [email protected]
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »