Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0245

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0245
Last Modified 21 Aug 2010 12:25:43
Published 01 Feb 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0245

Summary

Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.

Vulnerable Systems

Application

  • Postgresql 7.2

  • Postgresql 7.2.1

  • Postgresql 7.2.2

  • Postgresql 7.2.3

  • Postgresql 7.2.4

  • Postgresql 7.2.5

  • Postgresql 7.2.6

  • Postgresql 7.2.7

  • Postgresql 7.3

  • Postgresql 7.3.1

  • Postgresql 7.3.2

  • Postgresql 7.3.3

  • Postgresql 7.3.4

  • Postgresql 7.3.5

  • Postgresql 7.3.6

  • Postgresql 7.3.7

  • Postgresql 7.3.8

  • Postgresql 7.3.9

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.2

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 8.0


References

XF - postgresql-cursor-bo(19188)

REDHAT - RHSA-2005:150

REDHAT - RHSA-2005:138

SECUNIA - 12948

DEBIAN - DSA-683

BUGTRAQ - 20050210 [USN-79-1] PostgreSQL vulnerabilities

MLIST - [pgsql-patches] 20050120 Re: WIP: pl/pgsql cleanup

MLIST - [pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser.

MLIST - [pgsql-committers] 20050121 pgsql: Prevent overrunning a heap-allocated buffer is more than 1024

BID - 12417

SUSE - SUSE-SA:2005:036

MANDRAKE - MDKSA-2005:040


Last Updated: 27 May 2016 10:39:44