SB2013032612 - Input validation error in postgresql (Alpine package)
Published: March 26, 2013
Security Bulletin ID
SB2013032612
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-0255)
The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5a27ed0c06e6bbf81ef890eded0fd3f7c2477540
- https://git.alpinelinux.org/aports/commit/?id=fbf4df1c1248b725642db57ec520f522179f4e27
- https://git.alpinelinux.org/aports/commit/?id=cf92a7ac79a90ece0ec990046d11ed22311651c2
- https://git.alpinelinux.org/aports/commit/?id=4bea5c352064484459f74160f373a118deddd4c9