[26751] in bugtraq
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed Aug 21 10:52:47 2002
To: Sir Mordred The Traitor <mordred@s-mail.com>
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Tue, 20 Aug 2002 22:43:23 +0200
In-Reply-To: <3d625221.b5d3dee6@s-mail.com> (Sir Mordred The Traitor's
message of "Tue, 20 Aug 2002 14:28:49 +0000")
Message-ID: <87sn191ct0.fsf@CERT.Uni-Stuttgart.DE>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sir Mordred The Traitor <mordred@s-mail.com> writes:
> --[ Solution
>
> Do you still running postgresql? ...Can't believe that...
> If so, execute the following command as a root: "killall -9 postmaster",
> and wait until the patch will be available.
There's no need for such drastic action. Executing
DROP FUNCTION "repeat" (text, integer);
as the PostgreSQL superuser (usually "postgres") is sufficient in this
case. Most installations won't ever need this procedure anyway.
By the way: This bug is very similar to the xdr_array/calloc/new[] bug
(see e.g. http://cert.uni-stuttgart.de/advisories/calloc.php).
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
