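Vulnerability Details
Multiple Remote Vulnerabilities in PostgreSQL
- CNNVD ID: CNNVD-200505-781
- Severity: High
- CVE ID: CVE-2005-0247
- Vulnerability type: Buffer overflow
- Published: 2005-05-02
- Threat type: Remote
- Updated: 2009-02-03
- Vendor: postgresql
- Vulnerability source: The individual or ...
Vulnerability Summary
gram.y in PostgreSQL 8.0.1 and earlier contains multiple buffer overflows that allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement handled by the make_fetch_stmt function. This is a different set of vulnerabilities from CVE-2005-0245.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: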
RedHat Fedora Core2
RedHat postgresql-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-contrib-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-contrib-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-debuginfo-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-debuginfo-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-devel-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-devel-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-docs-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-docs-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-jdbc-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-jdbc-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-libs-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-libs-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-pl-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-pl-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-python-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-python-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-server-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-server-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-tcl-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-tcl-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-test-7.4.7-1.FC2.2.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat postgresql-test-7.4.7-1.FC2.2.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat Fedora Core3
RedHat postgresql-7.4.7-1.FC3.2.i386.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat postgresql-7.4.7-1.FC3.2.x86_64.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat postgresql-contrib-7.4.7-1.FC3.2.i386.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat postgresql-contrib-7.4.7-1.FC3.2.x86_64.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat postgresql-debuginfo-7.4.7-1.FC3.2.i386.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat postgresql-debuginfo-7.4.7-1.FC3.2.x86_64.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat postgresql-devel-7.4.7-1.FC3.2.i386.rpm
Fedora Core 3
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
RedHat postgresql-devel-7.4.7-1.FC3.2.x86_64.rpm
Fedora Core 3
http://
References
Source: XF
Name: postgresql-fetch-makefetchstmt-bo(19378)
Link: http://xforce.iss.net/xforce/xfdb/19378
Source: XF
Name: postgresql-makeselectstmt-arbitrary-bo(19377)
Link: http://xforce.iss.net/xforce/xfdb/19377
Source: XF
Name: postgresql-makeselectstmt-input-bo(19376)
Link: http://xforce.iss.net/xforce/xfdb/19376
Source: XF
Name: postgresql-readsqlconstruct-bo(19375)
Link: http://xforce.iss.net/xforce/xfdb/19375
Source: REDHAT
Name: RHSA-2005:150
Link: http://www.redhat.com/support/errata/RHSA-2005-150.HTML
Source: REDHAT
Name: RHSA-2005:138
Link: http://www.redhat.com/support/errata/RHSA-2005-138.HTML
Source: SUSE
Name: SUSE-SA:2005:027
Link: http://www.novell.com/linux/security/advisories/2005_27_postgresql.HTML
Source: GENTOO
Name: GLSA-200502-19
Link: http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
Source: DEBIAN
Name: DSA-683
Link: http://www.debian.org/security/2005/dsa-683
Source: BUGTRAQ
Name: 20050210 [USN-79-1] PostgreSQL vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110806034116082&w=2
Source: MLIST
Name: [pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser.
Link: http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
Source: BID
Name: 12417
Link: http://www.securityfocus.com/bid/12417
Source: SUSE
Name: SUSE-SA:2005:036
Link: http://www.novell.com/linux/security/advisories/2005_36_sudo.HTML
Source: MANDRAKE
Name: MDKSA-2005:040
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Affected Entities
- Postgresql Postgresql:8.0.1
- Postgresql Postgresql:8.0.0
- Postgresql Postgresql:7.4.7
- Postgresql Postgresql:7.4.6
- Postgresql Postgresql:7.4.5
Patches
None available