Family: Red Hat Local Security Checks --> Category: infos
RHSA-2003-314: postgresql Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the postgresql packages
Detailed Explanation for this Vulnerability Test
Updated PostgreSQL packages that correct a buffer overflow in the to_ascii
routines are now available.
PostgreSQL is an advanced Object-Relational database management system
Two bugs that can lead to buffer overflows have been found in the
PostgreSQL abstract data type to ASCII conversion routines. A remote
attacker who is able to influence the data passed to the to_ascii functions
may be able to execute arbitrary code in the context of the PostgreSQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2003-0901 to these issues.
In addition, a bug that can lead to leaks has been found in the string to
timestamp abstract data type conversion routine. If the input string to
the to_timestamp() routine is shorter than what the template string is
expecting, the routine will run off the end of the input string, resulting
in a leak and unstable behaviour.
Users of PostgreSQL are advised to upgrade to these erratum packages, which
contain a backported patch that corrects these issues.
Solution : http://rhn.redhat.com/errata/RHSA-2003-314.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.