Re: [GENERAL] PostgreSQL 7.2.2: Security Release
Gavin Sherry <swm@linuxworld.com.au>
From: Gavin Sherry <swm@linuxworld.com.au>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Neil Conway <neilc@samurai.com>, "Marc G. Fournier" <scrappy@hub.org>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2002-08-25T13:44:03Z
Lists: pgsql-hackers, pgsql-general
On Sat, 24 Aug 2002, Bruce Momjian wrote: > > The issue is data-provoked crashes vs. query-invoked crashes. Marc's > point, and I think it was clear enough, is that you can't just poke at > the TCP port and hope to do anything bad, which was the thrust of the > argument, I think. Bruce, I am convinced that someone with enough time on their hands and some code pointed to by Florian Weimer could exploit the datetime overrun issue by crafting a datetime string in such a way as to overrun the buffer and smash the stack. In applications which pass date/time data directly to the database without any validation (is this datetime string greater than 52 bytes? does it look like a date/time string?) then a malicious user without direct database access could crash the database by taking advantage of the short comings in Postgres and the application. As such, I would recommend all people who offer direct access to the database and/or have applications which user date/time data types/functionality to upgrade to 7.2.2. Gavin