Lucene search

K
ubuntuUbuntuUSN-1058-1
HistoryFeb 03, 2011 - 12:00 a.m.

PostgreSQL vulnerability

2011-02-0300:00:00
ubuntu.com
30

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.019

Percentile

88.5%

Releases

  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 9.10
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • postgresql-8.1 -
  • postgresql-8.3 -
  • postgresql-8.4 -

Details

Geoff Keating reported that a buffer overflow exists in the intarray
module’s input function for the query_int type. This could allow an
attacker to cause a denial of service or possibly execute arbitrary
code as the postgres user.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchpostgresql-contrib-8.4< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchlibecpg-compat3< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchlibecpg-dev< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchlibecpg6< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchlibpgtypes3< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchlibpq-dev< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchlibpq5< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchpostgresql-8.4< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchpostgresql-client-8.4< 8.4.7-0ubuntu0.9.10UNKNOWN
Ubuntu9.10noarchpostgresql-plperl-8.4< 8.4.7-0ubuntu0.9.10UNKNOWN
Rows per page:
1-10 of 651

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.019

Percentile

88.5%