Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 353387 (CVE-2010-4015) - <postgresql-{server,base}-{9.0.3,8.4.7,8.3.14,8.2.20}: Stack-based buffer overflow by processing certain tokens from SQL query string when intarray module enabled (CVE-2010-4015)
Summary: <postgresql-{server,base}-{9.0.3,8.4.7,8.3.14,8.2.20}: Stack-based buffer ove...
Status: RESOLVED FIXED
Alias: CVE-2010-4015
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://www.postgresql.org/support/sec...
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-01 11:07 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2011-10-25 07:51 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-01 11:07:22 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=664402

A stack-based buffer overflow flaw was found in the way
PostgreSQL Object-Relational database management system (DBMS)
processed certain tokens from the SQL query, when the intarray
module was enabled on the particular database. An authenticated
database user, when the intarray module was enabled on that
particular database, running a specially-crafted SQL query
could use this flaw to cause a temporary denial of service
(postgres daemon crash) or, potentially, execute arbitrary
code with the privileges of the database server.

Flaw exploitation requirement:
==============================
This flaw to be successfully exploited requires the intarray
PostgreSQL module to be enabled on a particular database or
in general (for all databases). The intarray module is not
enabled by default in the postgresql package installation,
as shipped with Red Hat Enterprise Linux or Fedora.

References:
-----------
[1] http://www.postgresql.org/docs/current/static/intarray.html
[2] http://www.postgresql.org/docs/current/static/contrib.html

http://www.postgresql.org/support/security.html

Versions containing fixes: 9.0.3, 8.4.7, 8.3.14, 8.2.20
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-01 11:09:11 UTC
postgresql maintainers, is it OK to stabilize? Please advise which packages and versions need to go stable.
Comment 2 Patrick Lauer gentoo-dev 2011-02-01 11:17:30 UTC
postgresql-{server,base,docs} in versions:
9.0.3, 8.4.7, 8.3.14, 8.2.20

ebuilds are there already. 
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-01 17:11:16 UTC
(In reply to comment #2)
> postgresql-{server,base,docs} in versions:
> 9.0.3, 8.4.7, 8.3.14, 8.2.20

Thank you. Arches, please stabilize the above.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2011-02-02 00:54:03 UTC
Stable for HPPA.
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2011-02-05 11:41:49 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2011-02-05 14:20:05 UTC
amd64 ok:

but there's bug 353750 and bug 347005 posted time ago by me
Comment 7 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-02-16 11:19:35 UTC
ppc/ppc64 stable
Comment 8 Markos Chandras (RETIRED) gentoo-dev 2011-02-16 22:21:33 UTC
amd64 done. Thanks Agostino
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2011-02-27 10:04:37 UTC
Stable on alpha.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2011-03-06 17:53:49 UTC
arm/ia64/s390/sh/sparc stable
Comment 11 Tim Sammut (RETIRED) gentoo-dev 2011-03-06 19:16:42 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 19:59:12 UTC
CVE-2010-4015 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4015):
  Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in
  the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before
  8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote
  authenticated users to cause a denial of service (crash) and possibly
  execute arbitrary code via integers with a large number of digits to
  unspecified functions.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2011-10-25 07:51:44 UTC
This issue was resolved and addressed in
 GLSA 201110-22 at http://security.gentoo.org/glsa/glsa-201110-22.xml
by GLSA coordinator Alex Legler (a3li).