Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200502-19
HistoryFeb 14, 2005 - 12:00 a.m.

PostgreSQL: Buffer overflows in PL/PgSQL parser

2005-02-1400:00:00
Gentoo Foundation
security.gentoo.org
11

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.626 Medium

EPSS

Percentile

97.8%

JSON

Background

PostgreSQL is a SQL compliant, open source object-relational database management system.

Description

PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser.

Impact

A remote attacker could send a malicious query resulting in the execution of arbitrary code with the permissions of the user running PostgreSQL.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose dev-db/postgresql
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/postgresql< 7.3.9-r1UNKNOWN

Related

postgresql 1
nessus 12
suse 2
openvas 13
freebsd 1
debian 2
cve 2
ubuntucve 2
osv 1
redhat 3
ubuntu 1
postgresql
postgresql
Vulnerability in core server (CVE-2005-0247)
2005-05-02 04:00:00
nessus
nessus
Fedora Core 3 : postgresql-7.4.7-3.FC3.1 (2005-157)
2005-09-12 00:00:00
FreeBSD : postgresql -- multiple buffer overflows in PL/PgSQL parser (6b4b0b3f-8127-11d9-a9e7-0001020eed82)
2005-07-13 00:00:00
GLSA-200502-19 : PostgreSQL: Buffer overflows in PL/PgSQL parser
2005-02-15 00:00:00
suse
suse
remote code execution in postgresql
2005-04-20 08:52:32
race condition, arbitrary code execution in sudo
2005-06-24 12:44:43
openvas
openvas
Gentoo Security Advisory GLSA 200502-19 (postgresql)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200502-19 (postgresql)
2008-09-24 00:00:00
FreeBSD Ports: postgresql, postgresql-server, ja-postgresql
2008-09-04 00:00:00
freebsd
freebsd
postgresql -- multiple buffer overflows in PL/PgSQL parser
2005-02-07 00:00:00
debian
debian
[SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution
2005-02-15 16:03:24
[SECURITY] [DSA 683-1] New postgresql packages fix arbitrary code execution
2005-02-15 16:03:24
cve
cve
CVE-2005-0247
2005-05-02 04:00:00
CVE-2005-0245
2005-02-01 05:00:00
ubuntucve
ubuntucve
CVE-2005-0247
2005-05-02 00:00:00
CVE-2005-0245
2005-02-01 00:00:00
osv
osv
postgresql - buffer overflows
2005-02-15 00:00:00
redhat
redhat
(RHSA-2005:150) postgresql security update
2005-02-16 00:00:00
(RHSA-2005:141) rh-postgresql security update
2005-02-14 00:00:00
(RHSA-2005:138) postgresql security update
2005-02-15 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2005-02-11 00:00:00

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.626 Medium

EPSS

Percentile

97.8%

JSON
Related for GLSA-200502-19
postgresql1nessus12suse2openvas13freebsd1debian2cve2ubuntucve2osv1redhat3ubuntu1