LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 29th, 2014
Linux Security Week: August 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: PostgreSQL multipule buffer overflow vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Mandrake PostgreSQL has vulnerabilities that are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. More buffer overflows also exist in the circle_poly(), path_encode(), and path_addr() functions.

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           postgresql
Advisory ID:            MDKSA-2002:062
Date:                   October 1st, 2002
Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0, 
                        Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

 Vulnerabilities were discovered in the Postgresql relational database
 by Mordred Labs.  These vulnerabilities are buffer overflows in the
 rpad(), lpad(), repeat(), and cash_words() functions.  The Postgresql
 developers also fixed a buffer overflow in functions that deal with
 time/date and timezone.

 Finally, more buffer overflows were discovered by Mordred Labs in the
 7.2.2 release that are currently only fixed in CVS.  These buffer
 overflows exist in the circle_poly(), path_encode(), and path_addr()
 functions.

 In order for these vulnerabilities to be exploited, an attacker must be
 able to query the server somehow.  However, this cannot directly lead
 to root privilege because the server runs as the postgresql user.

 Prior to upgrading, users should dump their database and retain it as
 backup.  You can dump the database by using:

   $ pg_dumpall > db.out

 If you need to restore from the backup, you can do so by using:

   $ psql -f db.out template1
________________________________________________________________________

References:

   http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
   http://online.securityfocus.com/archive/1/288036
   http://online.securityfocus.com/archive/1/288305
   http://online.securityfocus.com/archive/1/288334
________________________________________________________________________

Updated Packages:

 Linux-Mandrake 7.2:
 bd638759a853147e32dcd2ecd8d580db  7.2/RPMS/postgresql-7.0.2-6.1mdk.i586.rpm
 3d86887ead17c5570f32775b21f1c537  7.2/RPMS/postgresql-devel-7.0.2-6.1mdk.i586.rpm
 35653f50c808a9cd73c1b5e46b56868c  7.2/RPMS/postgresql-jdbc-7.0.2-6.1mdk.i586.rpm
 766a60db7f505908f7ff505c15fed920  7.2/RPMS/postgresql-odbc-7.0.2-6.1mdk.i586.rpm
 5e9eaa842493b870e200451d771252ff  7.2/RPMS/postgresql-perl-7.0.2-6.1mdk.i586.rpm
 d071dcd67cb90a5b811a923e08355c58  7.2/RPMS/postgresql-python-7.0.2-6.1mdk.i586.rpm
 00d287dd935fd3bb44f67d2639447469  7.2/RPMS/postgresql-server-7.0.2-6.1mdk.i586.rpm
 c817d2a235b345e311d5c8de44d31bab  7.2/RPMS/postgresql-tcl-7.0.2-6.1mdk.i586.rpm
 7833577b4fa01c5cb9fb29ca76db0ce1  7.2/RPMS/postgresql-test-7.0.2-6.1mdk.i586.rpm
 e703afe3e7b55c88bb8ef765900abd28  7.2/RPMS/postgresql-tk-7.0.2-6.1mdk.i586.rpm
 df11fb051c34b5fb652f32eaa6100a0b  7.2/SRPMS/postgresql-7.0.2-6.1mdk.src.rpm

 Mandrake Linux 8.0:
 5efc7f1a98c1f7247b6fb30f7c6b18c3  8.0/RPMS/postgresql-7.0.3-12.2mdk.i586.rpm
 14d1437b48658fd17e57874a12df9bf6  8.0/RPMS/postgresql-devel-7.0.3-12.2mdk.i586.rpm
 87da7c0157e906007f557e63a3610ad2  8.0/RPMS/postgresql-jdbc-7.0.3-12.2mdk.i586.rpm
 9101372279a9de865f8e9230c267fdca  8.0/RPMS/postgresql-odbc-7.0.3-12.2mdk.i586.rpm
 7d146729e1d5190fb9a7c35f3774b995  8.0/RPMS/postgresql-perl-7.0.3-12.2mdk.i586.rpm
 8c5aa0969ed33f23fa0f97a16fb52bba  8.0/RPMS/postgresql-python-7.0.3-12.2mdk.i586.rpm
 9046059d6c3b6d69763af21fe1b0b468  8.0/RPMS/postgresql-server-7.0.3-12.2mdk.i586.rpm
 7ae19459d86c364711cf5bb94a9ffcdb  8.0/RPMS/postgresql-tcl-7.0.3-12.2mdk.i586.rpm
 67fee763bda410bd00ab83fe49bfce7f  8.0/RPMS/postgresql-test-7.0.3-12.2mdk.i586.rpm
 f32fdaf106587494144562c57d24e87f  8.0/RPMS/postgresql-tk-7.0.3-12.2mdk.i586.rpm
 3c04ad3beb55cb0b72eaf9f4b1f2d999  8.0/SRPMS/postgresql-7.0.3-12.2mdk.src.rpm

 Mandrake Linux 8.0/ppc:
 71c9ecb612768420fcd5e047da5a09ce  ppc/8.0/RPMS/postgresql-7.0.3-12.2mdk.ppc.rpm
 346817a9457b20dcdee209322e7c74cb  ppc/8.0/RPMS/postgresql-devel-7.0.3-12.2mdk.ppc.rpm
 66f275c92ebaf89240ab378faf403569  ppc/8.0/RPMS/postgresql-jdbc-7.0.3-12.2mdk.ppc.rpm
 7e9633200f47b6a751e3e83ca0588362  ppc/8.0/RPMS/postgresql-odbc-7.0.3-12.2mdk.ppc.rpm
 5a85a3faf44983cf78dc1f8c25d953a2  ppc/8.0/RPMS/postgresql-perl-7.0.3-12.2mdk.ppc.rpm
 7f8cc734d2adffaa4dc5340bde53b36a  ppc/8.0/RPMS/postgresql-python-7.0.3-12.2mdk.ppc.rpm
 54cb5c016702ff37056348fd82020b73  ppc/8.0/RPMS/postgresql-server-7.0.3-12.2mdk.ppc.rpm
 6c6d997f712d75fae4e4d19450da23c9  ppc/8.0/RPMS/postgresql-tcl-7.0.3-12.2mdk.ppc.rpm
 84552162f68cd57962c14ffb274320dd  ppc/8.0/RPMS/postgresql-test-7.0.3-12.2mdk.ppc.rpm
 944e0d4734ce10bea121e26e5576a119  ppc/8.0/RPMS/postgresql-tk-7.0.3-12.2mdk.ppc.rpm
 3c04ad3beb55cb0b72eaf9f4b1f2d999  ppc/8.0/SRPMS/postgresql-7.0.3-12.2mdk.src.rpm

 Mandrake Linux 8.1:
 76fb8af371b76b9d65259d1e9aa51436  8.1/RPMS/postgresql-7.1.2-19.2mdk.i586.rpm
 4af66f7e6842870aabd294fe906cc1fc  8.1/RPMS/postgresql-contrib-7.1.2-19.2mdk.i586.rpm
 faef5cd80088577d512698b864d669b2  8.1/RPMS/postgresql-devel-7.1.2-19.2mdk.i586.rpm
 56af9d8d29ca41a3f6c52422c98f8c8e  8.1/RPMS/postgresql-docs-7.1.2-19.2mdk.i586.rpm
 1547e49aa292001e35d16f02456644d5  8.1/RPMS/postgresql-jdbc-7.1.2-19.2mdk.i586.rpm
 4615f60733754933595803f157a093df  8.1/RPMS/postgresql-libs-7.1.2-19.2mdk.i586.rpm
 10b1cfa3133e3944494e93d8c7333506  8.1/RPMS/postgresql-odbc-7.1.2-19.2mdk.i586.rpm
 c719362c982140f679606794ebd1db81  8.1/RPMS/postgresql-perl-7.1.2-19.2mdk.i586.rpm
 63f3c0f863427746925a4fa695a276d4  8.1/RPMS/postgresql-plperl-7.1.2-19.2mdk.i586.rpm
 e4a170fc18f0bf850c33e455077db0b3  8.1/RPMS/postgresql-python-7.1.2-19.2mdk.i586.rpm
 8085de6f2d5487f8db3e2fefbab35426  8.1/RPMS/postgresql-server-7.1.2-19.2mdk.i586.rpm
 72eb421e0e2d912be00f1ddac6462b62  8.1/RPMS/postgresql-tcl-7.1.2-19.2mdk.i586.rpm
 840b456f59f177bf01c4c657995f1d9c  8.1/RPMS/postgresql-test-7.1.2-19.2mdk.i586.rpm
 3eacfd3bcc47e18ecbc956042f6bc6f4  8.1/RPMS/postgresql-tk-7.1.2-19.2mdk.i586.rpm
 e1aa8f4f81d3223c62cc3861da914745  8.1/SRPMS/postgresql-7.1.2-19.2mdk.src.rpm

 Mandrake Linux 8.1/ia64:
 0ffc167ed32e6e0ff2a3eac64b933082  ia64/8.1/RPMS/postgresql-7.1.2-19.2mdk.ia64.rpm
 90f166683ad235ecca04ab810e838d13  ia64/8.1/RPMS/postgresql-contrib-7.1.2-19.2mdk.ia64.rpm
 2be57d9ac0aa736f03c8a4ebb004f8d9  ia64/8.1/RPMS/postgresql-devel-7.1.2-19.2mdk.ia64.rpm
 1f00364da1ee49132d8b1032022a41c6  ia64/8.1/RPMS/postgresql-docs-7.1.2-19.2mdk.ia64.rpm
 eeecff9d686b96e0971d63c11b3a0940  ia64/8.1/RPMS/postgresql-jdbc-7.1.2-19.2mdk.ia64.rpm
 9222cdf5831462ee8d98f9ce4c7ad845  ia64/8.1/RPMS/postgresql-libs-7.1.2-19.2mdk.ia64.rpm
 1fbdce936e0bce92a41598cd83cb1870  ia64/8.1/RPMS/postgresql-odbc-7.1.2-19.2mdk.ia64.rpm
 05691d38995e968630d0496a2290efd0  ia64/8.1/RPMS/postgresql-perl-7.1.2-19.2mdk.ia64.rpm
 36b968c379fa37fff94e272d77c8ddff  ia64/8.1/RPMS/postgresql-plperl-7.1.2-19.2mdk.ia64.rpm
 b2ea08a161796120cb2fef551767f423  ia64/8.1/RPMS/postgresql-python-7.1.2-19.2mdk.ia64.rpm
 125172a1b5cf1288f1facc6f0d8b3f1a  ia64/8.1/RPMS/postgresql-server-7.1.2-19.2mdk.ia64.rpm
 a1f0f1b341df03f7ed1d83468b8b80b6  ia64/8.1/RPMS/postgresql-tcl-7.1.2-19.2mdk.ia64.rpm
 b462e41c3d0e7bef83f2f36cf3943ed4  ia64/8.1/RPMS/postgresql-test-7.1.2-19.2mdk.ia64.rpm
 414da6ea223e9f2c50516b2c088d430a  ia64/8.1/RPMS/postgresql-tk-7.1.2-19.2mdk.ia64.rpm
 e1aa8f4f81d3223c62cc3861da914745  ia64/8.1/SRPMS/postgresql-7.1.2-19.2mdk.src.rpm

 Mandrake Linux 8.2:
 52d35812236f3238006c7ae9798fe0f0  8.2/RPMS/libecpg3-7.2-12.1mdk.i586.rpm
 cd072b4b4a35884c1d00c0197693098f  8.2/RPMS/libpgperl-7.2-12.1mdk.i586.rpm
 e4ba8824ba7c63dfc992218ca4bb6f92  8.2/RPMS/libpgsql2-7.2-12.1mdk.i586.rpm
 355dd8ca32f4b23d99824f031d66786e  8.2/RPMS/libpgsqlodbc0-7.2-12.1mdk.i586.rpm
 ace04a1a84ed5ecfd4d74fce7a9243f6  8.2/RPMS/libpgtcl2-7.2-12.1mdk.i586.rpm
 0b3caaf99b722be879ed07fcc4c6d0f0  8.2/RPMS/postgresql-7.2-12.1mdk.i586.rpm
 065ef2e8ffcb08384c63e9bbbf74c532  8.2/RPMS/postgresql-contrib-7.2-12.1mdk.i586.rpm
 382dfbe1e9ee29d5e797d2bdfacca2cf  8.2/RPMS/postgresql-devel-7.2-12.1mdk.i586.rpm
 7bac249d7c1fef9ca2c53ddb98a5523c  8.2/RPMS/postgresql-docs-7.2-12.1mdk.i586.rpm
 bb52189a459a1e96d5cc91b95b16d24e  8.2/RPMS/postgresql-jdbc-7.2-12.1mdk.i586.rpm
 0916d4540458bc767066c1005ce5ec98  8.2/RPMS/postgresql-python-7.2-12.1mdk.i586.rpm
 adc45429a5226fe1f8e49d3d5439cb19  8.2/RPMS/postgresql-server-7.2-12.1mdk.i586.rpm
 39ee581f9ef2245cbd93d11639168feb  8.2/RPMS/postgresql-tcl-7.2-12.1mdk.i586.rpm
 27580452c284277202719aedaa070e1b  8.2/RPMS/postgresql-test-7.2-12.1mdk.i586.rpm
 70ce19a94c5e2cee655f230b033e0048  8.2/RPMS/postgresql-tk-7.2-12.1mdk.i586.rpm
 8e4515b75e75680fa8d2c258bbaba328  8.2/SRPMS/postgresql-7.2-12.1mdk.src.rpm

 Mandrake Linux 8.2/ppc:
 f69a7be7c3396d256ef12e6c2a290ebf  ppc/8.2/RPMS/libecpg3-7.2-12.1mdk.ppc.rpm
 581f09070af627322c49c13dfb6905b9  ppc/8.2/RPMS/libpgperl-7.2-12.1mdk.ppc.rpm
 3cb1de5e72e6014a4793377e25872f20  ppc/8.2/RPMS/libpgsql2-7.2-12.1mdk.ppc.rpm
 fb461ecadb91c697025b1d3ec9644f2c  ppc/8.2/RPMS/libpgsqlodbc0-7.2-12.1mdk.ppc.rpm
 9e98b3c1ab8d1a8a61bf99bff546ad7d  ppc/8.2/RPMS/libpgtcl2-7.2-12.1mdk.ppc.rpm
 0e066af5151825bfabbda277166d05b3  ppc/8.2/RPMS/postgresql-7.2-12.1mdk.ppc.rpm
 c08686d790295d9bd948ea4a4dcd265a  ppc/8.2/RPMS/postgresql-contrib-7.2-12.1mdk.ppc.rpm
 aa24566330eb5de705a0bd79235163e9  ppc/8.2/RPMS/postgresql-devel-7.2-12.1mdk.ppc.rpm
 4946a43343e8deb738bb35a659b607dd  ppc/8.2/RPMS/postgresql-docs-7.2-12.1mdk.ppc.rpm
 637e552d1abb1fce8cd25d040dd262ca  ppc/8.2/RPMS/postgresql-jdbc-7.2-12.1mdk.ppc.rpm
 081013c5c69bca0dfaf7c9d2fbc8c7f9  ppc/8.2/RPMS/postgresql-python-7.2-12.1mdk.ppc.rpm
 627c8a0d76bc37b9f3fc80cec2b94227  ppc/8.2/RPMS/postgresql-server-7.2-12.1mdk.ppc.rpm
 0114bdd5a2171d2f244fd7c8a95945fa  ppc/8.2/RPMS/postgresql-tcl-7.2-12.1mdk.ppc.rpm
 1c9f749325b1afda54eede507283420c  ppc/8.2/RPMS/postgresql-test-7.2-12.1mdk.ppc.rpm
 4a6f02f88829015517e99a58cc98a36c  ppc/8.2/RPMS/postgresql-tk-7.2-12.1mdk.ppc.rpm
 8e4515b75e75680fa8d2c258bbaba328  ppc/8.2/SRPMS/postgresql-7.2-12.1mdk.src.rpm

 Mandrake Linux 9.0:
 3688bb997a5dffb82c6b4c89b8753269  9.0/RPMS/libecpg3-7.2.2-1.1mdk.i586.rpm
 b51e4805b05ea067deb60a545b8730a7  9.0/RPMS/libpgperl-7.2.2-1.1mdk.i586.rpm
 72c9cd6f6c07ae7e002f676aa92d0834  9.0/RPMS/libpgsql2-7.2.2-1.1mdk.i586.rpm
 65d8794ad5c37bb378ade13027e60367  9.0/RPMS/libpgsqlodbc0-7.2.2-1.1mdk.i586.rpm
 3863a0206048bf2a07a094c0259b5655  9.0/RPMS/libpgtcl2-7.2.2-1.1mdk.i586.rpm
 4d80bce8597a33e39554cc42173d7274  9.0/RPMS/postgresql-7.2.2-1.1mdk.i586.rpm
 82cf599901ed605f80fba18aaba00fdd  9.0/RPMS/postgresql-contrib-7.2.2-1.1mdk.i586.rpm
 18599c776db024a4750cb9a3512550b9  9.0/RPMS/postgresql-devel-7.2.2-1.1mdk.i586.rpm
 f46cb8a37432a4f068481232f77bf410  9.0/RPMS/postgresql-docs-7.2.2-1.1mdk.i586.rpm
 49c9669a0bec34d9f9b84d9fa67a017e  9.0/RPMS/postgresql-jdbc-7.2.2-1.1mdk.i586.rpm
 f6237f357da235b474a31a6d37ed2ed4  9.0/RPMS/postgresql-python-7.2.2-1.1mdk.i586.rpm
 33cde72c6c9e1ba777c8bcec2ffb7b95  9.0/RPMS/postgresql-server-7.2.2-1.1mdk.i586.rpm
 c1db49f50ebcaea38cd4079cbb524120  9.0/RPMS/postgresql-tcl-7.2.2-1.1mdk.i586.rpm
 2e2f2d62e37a0139d15d2202540e78c6  9.0/RPMS/postgresql-test-7.2.2-1.1mdk.i586.rpm
 f43cfd99c469c59016cdcd2d8e961b71  9.0/RPMS/postgresql-tk-7.2.2-1.1mdk.i586.rpm
 a5617dd45afd0647f3014effb240afd3  9.0/SRPMS/postgresql-7.2.2-1.1mdk.src.rpm

 Single Network Firewall 7.2:
 bd638759a853147e32dcd2ecd8d580db  snf7.2/RPMS/postgresql-7.0.2-6.1mdk.i586.rpm
 df11fb051c34b5fb652f32eaa6100a0b  snf7.2/SRPMS/postgresql-7.0.2-6.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one 
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig 

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to 
update.

You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

   http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
________________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security@linux-mandrake.com>




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.