postgresql -- multiple vulnerabilities

2005-02-01T00:00:00
ID 65C8ECF9-2ADB-11DB-A6E2-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-02-01T00:00:00

Description

Multiple vulnerabilities had been reported in various versions of PostgreSQL:

The EXECUTE restrictions can be bypassed by using the AGGREGATE function, which is missing a permissions check. A buffer overflow exists in gram.y which could allow an attacker to execute arbitrary code by sending a large number of arguments to a refcursor function, found in gram.y The intagg contributed module allows an attacker to crash the server (Denial of Service) by constructing a malicious crafted array.