FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postgresql -- character conversion and tsearch2 vulnerabilities

Affected packages
7.2.0 <= postgresql < 7.2.8
7.3.0 <= postgresql < 7.3.10
7.4.0 <= postgresql < 7.4.8
8.0.0 <= postgresql < 8.0.3


VuXML ID 486aff57-9ecd-11da-b410-000e0c2e438a
Discovery 2005-05-02
Entry 2006-02-16

The postgresql development team reports:

The more severe of the two errors is that the functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument values. This problem exists in PostgreSQL 7.3.* through 8.0.*. The recommended fix is to disable public EXECUTE access for these functions. This does not affect normal usage of the functions for character set conversion, but it will prevent misuse.

The other error is that the contrib/tsearch2 module misdeclares several functions as returning type "internal" when they do not have any "internal" argument. This breaks the type safety of "internal" by allowing users to construct SQL commands that invoke other functions accepting "internal" arguments. The consequences of this have not been investigated in detail, but it is certainly at least possible to crash the backend.


CVE Name CAN-2005-1409
CVE Name CAN-2005-1410