Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1397

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1397
Last Modified 10 Sep 2008 03:14:30
Published 17 Jan 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1397

Summary

Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow.

Vulnerable Systems

Application

  • Postgresql 6.3.2

  • Postgresql 6.5.3

  • Postgresql 7.0.3

  • Postgresql 7.1

  • Postgresql 7.1.1

  • Postgresql 7.1.2

  • Postgresql 7.1.3

  • Postgresql 7.2


References

BUGTRAQ - 20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL

XF - postgresql-cashwords-bo(9891)

BID - 5497

REDHAT - RHSA-2003:001

SECUNIA - 8034

CONECTIVA - CLA-2002:524

MISC - http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52


Last Updated: 27 May 2016 10:37:19