Bugtraq mailing list archives

Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL

From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Tue, 20 Aug 2002 22:43:23 +0200

Sir Mordred The Traitor <mordred () s-mail com> writes:

--[ Solution

Do you still running postgresql? ...Can't believe that...
If so, execute the following command as a root: "killall -9 postmaster",
and wait until the patch will be available.


There's no need for such drastic action.  Executing

DROP FUNCTION "repeat" (text, integer);

as the PostgreSQL superuser (usually "postgres") is sufficient in this
case.  Most installations won't ever need this procedure anyway.

By the way: This bug is very similar to the xdr_array/calloc/new[] bug
(see e.g. http://cert.uni-stuttgart.de/advisories/calloc.php).

-- 
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Current thread:

@(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL Sir Mordred The Traitor (Aug 20)
- Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL Florian Weimer (Aug 21)
- Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL Lamar Owen (Aug 21)
  - Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL Steffen Dettmer (Aug 22)