postgresql -- multiple buffer overflows in PL/PgSQL parser

Description:

The PL/PgSQL parser in postgresql is vulnerable to several buffer overflows. These could be exploited by a remote attacker to execute arbitrary code with the permissions of the postgresql server by running a specially crafted query.

References:

CVE name CVE-2005-0247
URL: <http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php>

Affects:

postgresql <7.3.9_1
postgresql >7.4.* <7.4.7_1
postgresql >8.* <8.0.1_1
postgresql-server <7.3.9_1
postgresql-server >7.4.* <7.4.7_1
postgresql-server >8.* <8.0.1_1
ja-postgresql <7.3.9_1
ja-postgresql >7.4.* <7.4.7_1
ja-postgresql >8.* <8.0.1_1

portaudit: postgresql -- multiple buffer overflows in PL/PgSQL parser

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>