Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2005-0227: postgresql: LOAD vulnerability | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Reinhard Max <max> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | max, security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | CVSSv2:NVD:CVE-2005-0227:4.3:(AV:L/AC:L/Au:S/C:P/I:P/A:P) | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | patchinfo-sles8.psql, patchinfo-sles9.psql | | |

Description
Reinhard Max
2005-01-26 19:30:27 UTC
I'll handle swamp and patchinfo ASAP

SM-Tracker-231

Created attachment 27931
patchinfo-sles8.psql

Created attachment 27932
patchinfo-sles9.psql

Please use the following patchinfo text stub for the box patchinfo files. I was not able to comb out the different package names for the different versions of SL.

PACKAGER: max@suse.de
BUGZILLA: 50191
CATEGORY: security
DESCRIPTION: Security Update: This update fixes the possibility for unprivileged users to load and execute arbitrary code from shared libraries via the LOAD SQL statement in the database backend.
DESCRIPTION_DE: Sicherheits-Update: Mit diesem Update ist es fortan nicht mehr moeglich, dass unpriviligierte Benutzer das LOAD SQL-Statement benutzen, um beliebigen Code von Shared-Libraries im DB-Backend zu laden und auszufuehren.

A couple more must-fix issues have popped up at the PostgreSQL team, and so the patch releases have been delayed until Sunday or Monday...

Packages submitted. Patchinfo will follow tomorrow. BTW, this vulnerability was also reported on Heise today: http://www.heise.de/newsticker/meldung/55828

Thanks.

Patchinfo files submitted to /work/src/done/PATCHINFO/postgresql.patch.*

Reassigning to security-team for further tracking...

Thanks.

Reinhard, the additional vulnerabilities you talked about in comment #6, were these the following?

--
A flaw in the LOAD command in PostgreSQL was discovered. CAN-2005-0227
A local user could bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. CAN-2005-0244
Multiple buffer overflows were found in PL/PgSQL. CAN-2005-0245, CAN-2005-0247
A flaw in contrib/intagg CAN-2005-0246
--

Are they fixed too? Where can I look up the full text for these CAN IDs?

CAN-2005-0227 is what this bug report originally was about, so that one will be fixed with this update. The others are all reported against 8.0.1, which was released together with the latest 7.x patch releases to fix CAN-2005-0227. This means that the other vulnerabilities either don't exist in the 7.x series, or are not fixed in the latest releases. I think that the PostgreSQL team will soon come up with another round of patch releases for all versions that are affected by these vulnerabilities.

I opened a new one for the new issues, http://bugzilla.suse.de/show_bug.cgi?id=50692

fixed