Re: Postgres buffer overflow in stable .

To: Jean-Francois Dive <jef@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: Postgres buffer overflow in stable .
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Thu, 12 Sep 2002 18:39:26 +0200
Message-id: <[🔎] 87y9a7kvr5.fsf@Login.CERT.Uni-Stuttgart.DE>
Mail-followup-to: Jean-Francois Dive <jef@debian.org>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20020911023933.GD435@gnoll.homeip.net> (Jean-Francois Dive's message of "Wed, 11 Sep 2002 12:39:33 +1000")
References: <[🔎] 20020911023933.GD435@gnoll.homeip.net>

Jean-Francois Dive <jef@debian.org> writes:

> The bug 155419 opened 37 days old point to a serious security issue
> with postgres as i can lead to DOS from local users

You can't get rid of the authenticated user DoS easily, see 160673.
This requires the ability to execute arbitrary SQL statements, though,
so the path to attack is rather narrow.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Reply to:

References:
- Postgres buffer overflow in stable .
  - From: Jean-Francois Dive <jef@debian.org>

Prev by Date: Re: "suspicious" apache log entries
Next by Date: Re: "suspicious" apache log entries
Previous by thread: Re: Postgres buffer overflow in stable .
Next by thread: Re: Good Day - spamassin
Index(es):
- Date
- Thread