Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1398

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2002-1398
Last Modified 10 Sep 2008 03:14:30
Published 17 Jan 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1398

Summary

Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability "in handling long datetime input."

Vulnerable Systems

Application

  • Postgresql 6.3.2

  • Postgresql 6.5.3

  • Postgresql 7.0.3

  • Postgresql 7.1

  • Postgresql 7.1.1

  • Postgresql 7.1.2

  • Postgresql 7.1.3

  • Postgresql 7.2

  • Postgresql 7.2.1


References

SUSE - SuSE-SA:2002:038

DEBIAN - DSA-165

BUGTRAQ - 20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL

CONFIRM - http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php

REDHAT - RHSA-2003:001

SECUNIA - 8034

CONFIRM - http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644

BUGTRAQ - 20020826 GLSA: PostgreSQL

BUGTRAQ - 20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release

BUGTRAQ - 20020821 Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL


Last Updated: 27 May 2016 10:37:19