Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2005-0247
Last Modified 30 Jul 2013 12:35:03
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2005-0247

Summary

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

Vulnerable Systems

Application

  • Postgresql 7.2

  • Postgresql 7.2.1

  • Postgresql 7.2.2

  • Postgresql 7.2.3

  • Postgresql 7.2.4

  • Postgresql 7.2.5

  • Postgresql 7.2.6

  • Postgresql 7.2.7

  • Postgresql 7.3

  • Postgresql 7.3.1

  • Postgresql 7.3.2

  • Postgresql 7.3.3

  • Postgresql 7.3.4

  • Postgresql 7.3.5

  • Postgresql 7.3.6

  • Postgresql 7.3.7

  • Postgresql 7.3.8

  • Postgresql 7.3.9

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.2

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 8.0.0

  • Postgresql 8.0.1


References

XF - postgresql-fetch-makefetchstmt-bo(19378)

XF - postgresql-makeselectstmt-arbitrary-bo(19377)

XF - postgresql-makeselectstmt-input-bo(19376)

XF - postgresql-readsqlconstruct-bo(19375)

REDHAT - RHSA-2005:150

REDHAT - RHSA-2005:138

SUSE - SUSE-SA:2005:027

GENTOO - GLSA-200502-19

DEBIAN - DSA-683

BUGTRAQ - 20050210 [USN-79-1] PostgreSQL vulnerabilities

MLIST - [pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser.

BID - 12417

SUSE - SUSE-SA:2005:036

MANDRAKE - MDKSA-2005:040


Last Updated: 27 May 2016 10:39:44