PostgreSQL security releases 8.0.6 and 8.1.2

Type securityvulns
Reporter Securityvulns
Modified 2006-01-12T00:00:00


PostgreSQL versions 8.0.6 and 8.1.2 have been released fixing a remote denial of service vulnerability on the win32 platform.


Vulnerability type: Denial of service Remotely exploitable: Yes

Affected versions: PostgreSQL 8.0.0-8.0.5, 8.1.0-8.1.1 Fixed versions: PostgreSQL 8.0.6, 8.1.2

Affected platforms: Win32 Non-affected platforms: All non-win32, including Unix, MacOS X and Cygwin.

CVE: CVE-2006-0105 (

Vulnerability description

When the postmaster process detects too many attempted connections at the same time, it will incorrectly log a FATAL error and shut down. This will not affect existing processes, but will make it impossible to initiate new connections until the service is restarted.

This is a denial of service vulnerability only. As it is a standard emergency shutdown, it can not be exploited for remote code execution.


Upgrade to version 8.0.6 or 8.1.2 respectively, available from in both source and binary formats.


Implementing proper firewalling at the network and host level will help mitigate this vulnerability. No other workarounds are possible.


2005-12-22 - Vulnerability reported to 2005-12-23 - Patch created 2006-01-06 - Patch applied to main tree and new versions packaged 2006-01-09 - New versions announced


The PostgreSQL Global Development Group thanks Yoshiyuki Asaba for reporting this vulnerability.