Bug 456080 (CVE-2013-0255) - <dev-db/postgresql-{base,server,docs}-{8.3.23,8.4.16,9.0.12,9.1.8,9.2.3} : "enum_recv()" Denial of Service Vulnerability (CVE-2013-0255)
Status: RESOLVED FIXED
Alias: CVE-2013-0255
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/51923/
Whiteboard: B3 [glsa]
Duplicates: 456480
Reported: 2013-02-07 19:32 UTC by Agostino Sarubbo
Modified: 2014-08-31 11:30 UTC
Description Agostino Sarubbo gentoo-dev 2013-02-07 19:32:02 UTC
From $URL :

Description
Sumit Soni has discovered a vulnerability in PostgreSQL, which can be exploited by malicious users 
to cause a DoS (Denial of Service).

The vulnerability is caused due to an input validation error within the "enum_recv()" function 
(backend/utils/adt/enum.c) and can be exploited to crash the server via a specially crafted SQL 
query.

The vulnerability is confirmed in version 9.2.2-1 64-bit. Prior versions may also be affected.


Solution
Update to version 8.3.23, 8.4.16, 9.0.12, 9.1.8, or 9.2.3.

Provided and/or discovered by
Sumit Soni via Secunia.
Comment 1 Aaron W. Swenson gentoo-dev 2013-02-08 18:58:53 UTC
Stabilization targets:
dev-db/postgresql-{docs,base,server}-{8.3.23,8.4.16,9.0.12,9.1.8,9.2.3}

*postgresql-docs-9.2.3 (08 Feb 2013)
*postgresql-docs-9.1.8 (08 Feb 2013)
*postgresql-docs-9.0.12 (08 Feb 2013)
*postgresql-docs-8.4.16 (08 Feb 2013)
*postgresql-docs-8.3.23 (08 Feb 2013)

  08 Feb 2013; Aaron W. Swenson <titanofold@gentoo.org>
  +postgresql-docs-8.3.23.ebuild, +postgresql-docs-8.4.16.ebuild,
  +postgresql-docs-9.0.12.ebuild, +postgresql-docs-9.1.8.ebuild,
  +postgresql-docs-9.2.3.ebuild:
  Security bump. (Bug 456080)

*postgresql-base-9.2.3 (08 Feb 2013)
*postgresql-base-9.1.8 (08 Feb 2013)
*postgresql-base-9.0.12 (08 Feb 2013)
*postgresql-base-8.4.16 (08 Feb 2013)
*postgresql-base-8.3.23 (08 Feb 2013)

  08 Feb 2013; Aaron W. Swenson <titanofold@gentoo.org>
  +postgresql-base-8.3.23.ebuild, +postgresql-base-8.4.16.ebuild,
  +postgresql-base-9.0.12.ebuild, +postgresql-base-9.1.8.ebuild,
  +postgresql-base-9.2.3.ebuild, postgresql-base-9999.ebuild:
  Append ${SLOT} to PAM service name; each slot now has its own PAM service
  file. (Bug 443113) Security bump. (Bug 456080)

*postgresql-server-9.2.3 (08 Feb 2013)
*postgresql-server-9.1.8 (08 Feb 2013)
*postgresql-server-9.0.12 (08 Feb 2013)
*postgresql-server-8.4.16 (08 Feb 2013)
*postgresql-server-8.3.23 (08 Feb 2013)

  08 Feb 2013; Aaron W. Swenson <titanofold@gentoo.org>
  +postgresql-server-8.3.23.ebuild, +postgresql-server-8.4.16.ebuild,
  +postgresql-server-9.0.12.ebuild, +postgresql-server-9.1.8.ebuild,
  +postgresql-server-9.2.3.ebuild, postgresql-server-9999.ebuild:
  Added kerberos USE flag. (Bug 427948) Use python-single-r1.eclass to build
  PL/Python against the Python of the user's choosing. (Bug 427954) 'use'
  instead of 'need' logger in /etc/init.d/postgresql-${SLOT}. (Bug 435280)
  Default to sane character encoding default with --encoding=UTF-8 in
  /etc/conf.d/postgresql-${SLOT}. (Bug 440258) Append ${SLOT} to PAM service
  name; each slot now has its own PAM service file. (Bug 443113) Security
  bump. (Bug 456080)
Comment 2 Aaron W. Swenson gentoo-dev 2013-02-08 20:07:29 UTC
Per Agostino's request, a full, explicit list for the stabilization targets:
dev-db/postgresql-docs-9.2.3
dev-db/postgresql-docs-9.1.8
dev-db/postgresql-docs-9.0.12
dev-db/postgresql-docs-8.4.16
dev-db/postgresql-docs-8.3.23

dev-db/postgresql-base-9.2.3
dev-db/postgresql-base-9.1.8
dev-db/postgresql-base-9.0.12
dev-db/postgresql-base-8.4.16
dev-db/postgresql-base-8.3.23

dev-db/postgresql-server-9.2.3
dev-db/postgresql-server-9.1.8
dev-db/postgresql-server-9.0.12
dev-db/postgresql-server-8.4.16
dev-db/postgresql-server-8.3.23
Comment 3 Aaron W. Swenson gentoo-dev 2013-02-09 12:48:04 UTC
dev-db/postgresql-base-9.2.3 used the wrong patch set. So, it's been replaced. Here's the updated list:

=dev-db/postgresql-docs-9.2.3
=dev-db/postgresql-docs-9.1.8
=dev-db/postgresql-docs-9.0.12
=dev-db/postgresql-docs-8.4.16
=dev-db/postgresql-docs-8.3.23

=dev-db/postgresql-base-9.2.3-r1
=dev-db/postgresql-base-9.1.8
=dev-db/postgresql-base-9.0.12
=dev-db/postgresql-base-8.4.16
=dev-db/postgresql-base-8.3.23

=dev-db/postgresql-server-9.2.3
=dev-db/postgresql-server-9.1.8
=dev-db/postgresql-server-9.0.12
=dev-db/postgresql-server-8.4.16
=dev-db/postgresql-server-8.3.23
Comment 4 Aaron W. Swenson gentoo-dev 2013-02-10 13:23:39 UTC
*** Bug 456480 has been marked as a duplicate of this bug. ***
Comment 5 Agostino Sarubbo gentoo-dev 2013-02-11 14:37:50 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-02-11 14:41:12 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-02-11 14:44:00 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-02-11 14:46:22 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-02-11 14:49:10 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-02-11 15:28:34 UTC
alpha stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-02-11 15:30:58 UTC
arm stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-02-11 15:34:06 UTC
s390 stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-02-11 16:17:37 UTC
sparc stable
Comment 14 Agostino Sarubbo gentoo-dev 2013-02-11 18:21:25 UTC
hppa stable
Comment 15 Aaron W. Swenson gentoo-dev 2013-02-12 18:30:12 UTC
I had to fix bug 456964 so that the PGSQL_PAM_SERVICE would be updated properly. With Ago's permission, I did a revbump preserving stabilization.

Updated list:
=dev-db/postgresql-docs-9.2.3
=dev-db/postgresql-docs-9.1.8
=dev-db/postgresql-docs-9.0.12
=dev-db/postgresql-docs-8.4.16
=dev-db/postgresql-docs-8.3.23

=dev-db/postgresql-base-9.2.3-r1
=dev-db/postgresql-base-9.1.8
=dev-db/postgresql-base-9.0.12
=dev-db/postgresql-base-8.4.16
=dev-db/postgresql-base-8.3.23

=dev-db/postgresql-server-9.2.3-r1
=dev-db/postgresql-server-9.1.8-r1
=dev-db/postgresql-server-9.0.12-r1
=dev-db/postgresql-server-8.4.16-r1
=dev-db/postgresql-server-8.3.23-r1
Comment 16 Agostino Sarubbo gentoo-dev 2013-02-26 18:52:13 UTC
sh stable
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 23:19:43 UTC
CVE-2013-0255 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0255):
  PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12,
  8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the
  enum_recv function in backend/utils/adt/enum.c, which causes it to be
  invoked with incorrect arguments and allows remote authenticated users to
  cause a denial of service (server crash) or read sensitive process memory
  via a crafted SQL command, which triggers an array index error and an
  out-of-bounds read.
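
A check of installed package versions against the fixed releases named in the CVE text above, as an added example that is not part of the original bug report or of Gentoo's tooling. The function names, result labels and sample atoms are assumptions made for illustration; branches the CVE text does not list are reported separately rather than guessed at.

```python
import re

# First fixed patch release per branch, taken from the CVE-2013-0255 text.
FIXED = {(8, 3): 23, (8, 4): 16, (9, 0): 12, (9, 1): 8, (9, 2): 3}

# Accepts a Gentoo atom such as "=dev-db/postgresql-server-9.2.3-r1"
# or a bare upstream version such as "9.1.7".
_ATOM = re.compile(
    r"^(?:[<>=~]*dev-db/postgresql-(?P<pkg>base|server|docs)-)?"
    r"(?P<maj>\d+)\.(?P<min>\d+)\.(?P<patch>\d+)(?:-r(?P<rev>\d+))?$"
)


def classify(atom):
    """Return 'affected', 'fixed', 'unlisted-branch' or 'unparsed'."""
    m = _ATOM.match(atom.strip())
    if not m:
        return "unparsed"
    branch = (int(m["maj"]), int(m["min"]))
    if branch not in FIXED:
        # The advisory says nothing about this branch; do not assume.
        return "unlisted-branch"
    # Gentoo -rN revisions do not change the upstream patch level.
    return "fixed" if int(m["patch"]) >= FIXED[branch] else "affected"


def audit(atoms):
    """Map each atom to its classification."""
    return {a: classify(a) for a in atoms}


# Constructed sample input, not taken from a real system.
SAMPLE = [
    "dev-db/postgresql-server-9.2.2",
    "=dev-db/postgresql-base-9.2.3-r1",
    "dev-db/postgresql-server-8.4.15",
    "9.1.8",
    "dev-db/postgresql-server-9.3.1",
    "postgresql",
]

if __name__ == "__main__":
    for atom, verdict in audit(SAMPLE).items():
        print(f"{verdict:16} {atom}")
```
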
Comment 18 Tobias Heinlein (RETIRED) gentoo-dev 2013-03-24 19:46:56 UTC
Ready for vote, I vote YES.
Comment 19 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-10 20:57:02 UTC
GLSA vote: yes.

GLSA drafted.
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2014-08-29 23:47:52 UTC
This issue was resolved and addressed in
 GLSA 201408-15 at http://security.gentoo.org/glsa/glsa-201408-15.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).
Comment 21 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 11:30:04 UTC
This issue was resolved and addressed in
 GLSA 201408-15 at http://security.gentoo.org/glsa/glsa-201408-15.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).