Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » MDKSA-2002:062-1 - Updated postgresql packages fix various buffer overflows

MDKSA-2002:062-1 - Updated postgresql packages fix various buffer overflows

by Nikola Strahija on February 12th, 2003 Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone.


Package name: postgresql
Advisory ID: MDKSA-2002:062-1
Date: February 11th, 2003
Original Advisory Date: October 1st, 2002
Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0,
Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

Vulnerabilities were discovered in the Postgresql relational database
by Mordred Labs. These vulnerabilities are buffer overflows in the
rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql
developers also fixed a buffer overflow in functions that deal with
time/date and timezone.

Finally, more buffer overflows were discovered by Mordred Labs in the
7.2.2 release that are currently only fixed in CVS. These buffer
overflows exist in the circle_poly(), path_encode(), and path_addr()
functions.

In order for these vulnerabilities to be exploited, an attacker must be
able to query the server somehow. However, this cannot directly lead
to root privilege because the server runs as the postgresql user.

Prior to upgrading, users should dump their database and retain it as
backup. You can dump the database by using:

$ pg_dumpall > db.out

If you need to restore from the backup, you can do so by using:

$ psql -f db.out template1

Update:

The previous update missed a few small fixes, including a buffer overflow
in the cash_words() function that allows local users to cause a DoS and
possibly execute arbitrary code via a malformed argument in Postgresql 7.2
and earlier. As well, buffer overflows in the TZ and SET TIME ZONE
environment variables for Postgresql 7.2.1 and earlier can allow local
users to cause a DoS and possibly execute arbitrary code.
________________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1402
http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
http://online.securityfocus.com/archive/1/288036
http://online.securityfocus.com/archive/1/288305
http://online.securityfocus.com/archive/1/288334
________________________________________________________________________

Updated Packages:

Linux-Mandrake 7.2:
16f6ad77e613d9c69eb953711ecae596 7.2/RPMS/postgresql-7.0.2-6.2mdk.i586.rpm
fe299c787297a701c70be0c59698107c 7.2/RPMS/postgresql-devel-7.0.2-6.2mdk.i586.rpm
a29d7d45e6e344b5a62a19b24820ee6d 7.2/RPMS/postgresql-jdbc-7.0.2-6.2mdk.i586.rpm
1b298b043a3f7da08d119d5acc831e43 7.2/RPMS/postgresql-odbc-7.0.2-6.2mdk.i586.rpm
bd40b3b65086aba62dc2fb85cc14de07 7.2/RPMS/postgresql-perl-7.0.2-6.2mdk.i586.rpm
f11d2a8bb7e7b885bcdeddddf96fa8b2 7.2/RPMS/postgresql-python-7.0.2-6.2mdk.i586.rpm
09bd4bd5ba414ddb8f29dd6cd17d7437 7.2/RPMS/postgresql-server-7.0.2-6.2mdk.i586.rpm
66dcfa74038a5ea2c182f0a656539a13 7.2/RPMS/postgresql-tcl-7.0.2-6.2mdk.i586.rpm
042c9b97cfbc766307c397430c44df9a 7.2/RPMS/postgresql-test-7.0.2-6.2mdk.i586.rpm
e8e59f5ce6276887da8d99d93f6bed32 7.2/RPMS/postgresql-tk-7.0.2-6.2mdk.i586.rpm
7994b32ad704c1eca1d826526c539cc7 7.2/SRPMS/postgresql-7.0.2-6.2mdk.src.rpm

Mandrake Linux 8.0:
bf2acc64035b1821d1b17dbe2bfc5f8f 8.0/RPMS/postgresql-7.0.3-12.3mdk.i586.rpm
66f2658ccb68c3f7dec5a8b994a42afc 8.0/RPMS/postgresql-devel-7.0.3-12.3mdk.i586.rpm
a522ab7fa208235c17509400f6ee5a6c 8.0/RPMS/postgresql-jdbc-7.0.3-12.3mdk.i586.rpm
63073956e8e6792c541799e5a38789cb 8.0/RPMS/postgresql-odbc-7.0.3-12.3mdk.i586.rpm
a2c32ed4effbb69e2c0f912d7068d1c0 8.0/RPMS/postgresql-perl-7.0.3-12.3mdk.i586.rpm
593ba7e87e72a89fa068eecfdc76dae5 8.0/RPMS/postgresql-python-7.0.3-12.3mdk.i586.rpm
d2903a4ed75679749713f1ccb50a0325 8.0/RPMS/postgresql-server-7.0.3-12.3mdk.i586.rpm
3f23db200a658c5b08044f0efb9583b5 8.0/RPMS/postgresql-tcl-7.0.3-12.3mdk.i586.rpm
6f493533534e68d6e56a4714d2eff81e 8.0/RPMS/postgresql-test-7.0.3-12.3mdk.i586.rpm
644f165ad06cd62a309548298981d1e9 8.0/RPMS/postgresql-tk-7.0.3-12.3mdk.i586.rpm
2b918a143b51a306ca9132233373c5d0 8.0/SRPMS/postgresql-7.0.3-12.3mdk.src.rpm

Mandrake Linux 8.0/PPC:
cb7745ab7ec608ac796ff55cf516884f ppc/8.0/RPMS/postgresql-7.0.3-12.3mdk.ppc.rpm
a55c4d8c2e97abd9ada72015c367f753 ppc/8.0/RPMS/postgresql-devel-7.0.3-12.3mdk.ppc.rpm
006c7fb46d4cf62a40209bee1e4bdca5 ppc/8.0/RPMS/postgresql-jdbc-7.0.3-12.3mdk.ppc.rpm
a3392a4a27443edea9059a38512518c8 ppc/8.0/RPMS/postgresql-odbc-7.0.3-12.3mdk.ppc.rpm
709d9eeeb484099ba65551a41219ec7f ppc/8.0/RPMS/postgresql-perl-7.0.3-12.3mdk.ppc.rpm
edfe27d1661db92a6511b4541bd40949 ppc/8.0/RPMS/postgresql-python-7.0.3-12.3mdk.ppc.rpm
c7c22eb21bfc0cff2f3b28873e967730 ppc/8.0/RPMS/postgresql-server-7.0.3-12.3mdk.ppc.rpm
904006be899f6105cc888b212118ae5d ppc/8.0/RPMS/postgresql-tcl-7.0.3-12.3mdk.ppc.rpm
1a2d2f042788dd15cbf4d43e9c64064c ppc/8.0/RPMS/postgresql-test-7.0.3-12.3mdk.ppc.rpm
6e90a4031efd1f01185914f4de72e5ae ppc/8.0/RPMS/postgresql-tk-7.0.3-12.3mdk.ppc.rpm
2b918a143b51a306ca9132233373c5d0 ppc/8.0/SRPMS/postgresql-7.0.3-12.3mdk.src.rpm

Mandrake Linux 8.1:
97de10790f301b68eaca59c697809ea9 8.1/RPMS/postgresql-7.1.2-19.3mdk.i586.rpm
aec70115c9cc02624434b093c5d90c5c 8.1/RPMS/postgresql-contrib-7.1.2-19.3mdk.i586.rpm
6ab2d88eb5fee0c693bfe6d471f97e20 8.1/RPMS/postgresql-devel-7.1.2-19.3mdk.i586.rpm
4754eb788df84d946d08d289436010dd 8.1/RPMS/postgresql-docs-7.1.2-19.3mdk.i586.rpm
025457b3aaa43d490fed74dbdd72eb9f 8.1/RPMS/postgresql-jdbc-7.1.2-19.3mdk.i586.rpm
676676267be42eccb12c58f597f00e58 8.1/RPMS/postgresql-libs-7.1.2-19.3mdk.i586.rpm
d496dd85e2ff5c9461b62e03182331fd 8.1/RPMS/postgresql-odbc-7.1.2-19.3mdk.i586.rpm
a1eed5f8fcca84191468ec9cd30a2aae 8.1/RPMS/postgresql-perl-7.1.2-19.3mdk.i586.rpm
07966ec3c52708ad9fb24998a39cc397 8.1/RPMS/postgresql-plperl-7.1.2-19.3mdk.i586.rpm
57ba9c81df82ff486031dbd0fd04e87c 8.1/RPMS/postgresql-python-7.1.2-19.3mdk.i586.rpm
43964e8e013e88312505d437cc36e775 8.1/RPMS/postgresql-server-7.1.2-19.3mdk.i586.rpm
a6b24839a25edae67cd89b23640c5e13 8.1/RPMS/postgresql-tcl-7.1.2-19.3mdk.i586.rpm
57cc51dca34fc289790432f975c529b3 8.1/RPMS/postgresql-test-7.1.2-19.3mdk.i586.rpm
268c76eb7fe37063b550309e3a1cbdb2 8.1/RPMS/postgresql-tk-7.1.2-19.3mdk.i586.rpm
9bd07818ed29d3a4805881102b738cfa 8.1/SRPMS/postgresql-7.1.2-19.3mdk.src.rpm

Mandrake Linux 8.1/IA64:
a0ab2205f1fe47bad88cea600916b871 ia64/8.1/RPMS/postgresql-7.1.2-19.3mdk.ia64.rpm
5844b3344d57af2e330865e9031c0d4b ia64/8.1/RPMS/postgresql-contrib-7.1.2-19.3mdk.ia64.rpm
40225b5838c33029bd8cf5d6f276e22f ia64/8.1/RPMS/postgresql-devel-7.1.2-19.3mdk.ia64.rpm
d5d0543a93d1c071375c1c07c5d5c33f ia64/8.1/RPMS/postgresql-docs-7.1.2-19.3mdk.ia64.rpm
dc4665e113e696ef8a30a3ef9257681e ia64/8.1/RPMS/postgresql-jdbc-7.1.2-19.3mdk.ia64.rpm
6c993e445bed97e3b1f8bb053ac4ff60 ia64/8.1/RPMS/postgresql-libs-7.1.2-19.3mdk.ia64.rpm
ef7a7ca8460e4b2de3beb7a551cc3d76 ia64/8.1/RPMS/postgresql-odbc-7.1.2-19.3mdk.ia64.rpm
1f67a742649c0bc6efc64f6803681a27 ia64/8.1/RPMS/postgresql-perl-7.1.2-19.3mdk.ia64.rpm
0be4a57073b651d366866317370e3c54 ia64/8.1/RPMS/postgresql-plperl-7.1.2-19.3mdk.ia64.rpm
1332ad74b2abd3b5b028f501e115b3e0 ia64/8.1/RPMS/postgresql-python-7.1.2-19.3mdk.ia64.rpm
ed4cb3a263eb1d0507ab1cb29a15dc37 ia64/8.1/RPMS/postgresql-server-7.1.2-19.3mdk.ia64.rpm
f30c087b1cd9aeddcdb0acee64d42437 ia64/8.1/RPMS/postgresql-tcl-7.1.2-19.3mdk.ia64.rpm
3dba7af5b1f92c088f69f234480f3755 ia64/8.1/RPMS/postgresql-test-7.1.2-19.3mdk.ia64.rpm
50b000869e5058323e790ecb18049f75 ia64/8.1/RPMS/postgresql-tk-7.1.2-19.3mdk.ia64.rpm
9bd07818ed29d3a4805881102b738cfa ia64/8.1/SRPMS/postgresql-7.1.2-19.3mdk.src.rpm

Mandrake Linux 8.2:
8b27c79afbd8fd32def0eb6feb6c0d9a 8.2/RPMS/libecpg3-7.2-12.2mdk.i586.rpm
595cec2baf3b71d4fac9de920c7fabfa 8.2/RPMS/libpgperl-7.2-12.2mdk.i586.rpm
d52d7e7bab94d255c2a304acdef87789 8.2/RPMS/libpgsql2-7.2-12.2mdk.i586.rpm
5dc506936db8e32a08ec4249c1814d81 8.2/RPMS/libpgsqlodbc0-7.2-12.2mdk.i586.rpm
949789c4c0569cf79a3652ba294057d2 8.2/RPMS/libpgtcl2-7.2-12.2mdk.i586.rpm
389afb26bcbe82dd0db84d6179749b1e 8.2/RPMS/postgresql-7.2-12.2mdk.i586.rpm
84a443bce98bf8872e25a844f2602b2c 8.2/RPMS/postgresql-contrib-7.2-12.2mdk.i586.rpm
6646a6461dd3654ed6cf51968512360c 8.2/RPMS/postgresql-devel-7.2-12.2mdk.i586.rpm
902851489c741dfefef18de2c1263ba0 8.2/RPMS/postgresql-docs-7.2-12.2mdk.i586.rpm
0e305d02c5ef1420a3fcd158e84deab6 8.2/RPMS/postgresql-jdbc-7.2-12.2mdk.i586.rpm
d3d9b5dd8277178d4c98ad108676488c 8.2/RPMS/postgresql-python-7.2-12.2mdk.i586.rpm
0fdcedbdcdd1d780c5799c02620b5539 8.2/RPMS/postgresql-server-7.2-12.2mdk.i586.rpm
f5233fd92501b37120730155a7497a21 8.2/RPMS/postgresql-tcl-7.2-12.2mdk.i586.rpm
ac1badad8cc870e8613435c8e7e9d432 8.2/RPMS/postgresql-test-7.2-12.2mdk.i586.rpm
f5f2ac87de0cd373c9a8a208cf60f004 8.2/RPMS/postgresql-tk-7.2-12.2mdk.i586.rpm
14f6696f5d41104d0d10c27e1f3d7988 8.2/SRPMS/postgresql-7.2-12.2mdk.src.rpm

Mandrake Linux 8.2/PPC:
77d6ccc120c67b6178014a328b427130 ppc/8.2/RPMS/libecpg3-7.2-12.2mdk.ppc.rpm
426a2b8e85d929f2ab4a732d24ea3955 ppc/8.2/RPMS/libpgperl-7.2-12.2mdk.ppc.rpm
061df62587ce1b164e045becf6da1a29 ppc/8.2/RPMS/libpgsql2-7.2-12.2mdk.ppc.rpm
1f1b2696c7a42f8069d7a8df999bd1d2 ppc/8.2/RPMS/libpgsqlodbc0-7.2-12.2mdk.ppc.rpm
1a851295e15c4c5419998b8d036cac62 ppc/8.2/RPMS/libpgtcl2-7.2-12.2mdk.ppc.rpm
155cfe5d55f3e584e85095232961cf6d ppc/8.2/RPMS/postgresql-7.2-12.2mdk.ppc.rpm
e493b4aaceff78671e9a65c2dd776ea7 ppc/8.2/RPMS/postgresql-contrib-7.2-12.2mdk.ppc.rpm
08d0e66b0d0565dcfa1adb632c07c730 ppc/8.2/RPMS/postgresql-devel-7.2-12.2mdk.ppc.rpm
21904a35b8076be3bad3187af15a1440 ppc/8.2/RPMS/postgresql-docs-7.2-12.2mdk.ppc.rpm
ccc669f434df60024c8f2cf1d53be994 ppc/8.2/RPMS/postgresql-jdbc-7.2-12.2mdk.ppc.rpm
cc50d01c305bb5bc418a99d94546728e ppc/8.2/RPMS/postgresql-python-7.2-12.2mdk.ppc.rpm
9b510ff074a190cdeace20a006948566 ppc/8.2/RPMS/postgresql-server-7.2-12.2mdk.ppc.rpm
2c655f88c1683a644f97dfbf0ddb4a2f ppc/8.2/RPMS/postgresql-tcl-7.2-12.2mdk.ppc.rpm
b31814cf01ba11f63e44d66b99797392 ppc/8.2/RPMS/postgresql-test-7.2-12.2mdk.ppc.rpm
6eb3d839bbef278b0e6435143c714c02 ppc/8.2/RPMS/postgresql-tk-7.2-12.2mdk.ppc.rpm
14f6696f5d41104d0d10c27e1f3d7988 ppc/8.2/SRPMS/postgresql-7.2-12.2mdk.src.rpm

Mandrake Linux 9.0:
47e6da609c810370ab03e7e1ffc5d259 9.0/RPMS/libecpg3-7.2.2-1.2mdk.i586.rpm
e68a0b313fd8e375faaa0b7623c3a2c2 9.0/RPMS/libpgperl-7.2.2-1.2mdk.i586.rpm
2e3f2bf4fb815d7eb694980fa6d08dfe 9.0/RPMS/libpgsql2-7.2.2-1.2mdk.i586.rpm
4221bc2f2e6eade8fe61a42a365f99fb 9.0/RPMS/libpgsqlodbc0-7.2.2-1.2mdk.i586.rpm
937337453a19394face29b862019141b 9.0/RPMS/libpgtcl2-7.2.2-1.2mdk.i586.rpm
dbed9918b4b03ed654c5b018b4d756b2 9.0/RPMS/postgresql-7.2.2-1.2mdk.i586.rpm
4fd6458ba68949755de443fa19c3b673 9.0/RPMS/postgresql-contrib-7.2.2-1.2mdk.i586.rpm
faf3650ff3bfae6e52a7bca8f16ec43a 9.0/RPMS/postgresql-devel-7.2.2-1.2mdk.i586.rpm
a09cae1efa38d5efd579545e120e14e4 9.0/RPMS/postgresql-docs-7.2.2-1.2mdk.i586.rpm
5363320a91e676f5e18973d1a7f32047 9.0/RPMS/postgresql-jdbc-7.2.2-1.2mdk.i586.rpm
8aea657a4e8539e4d8736c1ad4128f43 9.0/RPMS/postgresql-python-7.2.2-1.2mdk.i586.rpm
05cbcb2c82942dba3e80f0cd6d77c217 9.0/RPMS/postgresql-server-7.2.2-1.2mdk.i586.rpm
2e695048467212f7274fa26b2d283169 9.0/RPMS/postgresql-tcl-7.2.2-1.2mdk.i586.rpm
bf3aa4c250e9e69c017c50b145623b5a 9.0/RPMS/postgresql-test-7.2.2-1.2mdk.i586.rpm
10bdfd1c9db6651b76d1f91893193b2f 9.0/RPMS/postgresql-tk-7.2.2-1.2mdk.i586.rpm
a61a0c2d5d5c223860f50302e7dbdb93 9.0/SRPMS/postgresql-7.2.2-1.2mdk.src.rpm

Single Network Firewall 7.2:
16f6ad77e613d9c69eb953711ecae596 snf7.2/RPMS/postgresql-7.0.2-6.2mdk.i586.rpm
7994b32ad704c1eca1d826526c539cc7 snf7.2/SRPMS/postgresql-7.0.2-6.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

rpm --checksig

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team


- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »