Re: [SECURITY] DoS attack on backend possible (was: Re:
Justin Clift <justin@postgresql.org>
From: Justin Clift <justin@postgresql.org>
To: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Cc: pgsql-hackers@postgresql.org
Date: 2002-08-09T19:59:45Z
Lists: pgsql-hackers
Hi Florian, Is it possible to crash a 7.2.1 backend without having an entry in the pg_hba.conf file? i.e. Is every PostgreSQL 7.2.1 installation around vulnerable to a remote DoS (or worse) from any user anywhere, at this moment in time? Regards and best wishes, Justin Clift Florian Weimer wrote: > > Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE> writes: > > > Neil Conway <nconway@klamath.dyndns.org> writes: > > > >> Thomas can correct me if I'm mistaken, but I believe these changes apply > >> to the new integer datetime code > > > > No, it's possible to crash the backend in 7.2, too. > > And 7.2.1, of course. > > Let me ask again: Do you plan to address this in an update for 7.2.1? > > -- > Florian Weimer Weimer@CERT.Uni-Stuttgart.DE > University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ > RUS-CERT fax +49-711-685-5898 > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi