Bug 82869 (CVE-2005-1410)

Summary: VUL-0: CVE-2005-1410: postgresql code execution
Product: [Novell Products] SUSE Security Incidents Reporter: Ludwig Nussel <lnussel>
Component: IncidentsAssignee: Reinhard Max <max>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-1410: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ludwig Nussel 2005-05-09 10:27:07 UTC 
We received the following report via full-disclosure.
The issue is public.

Date: Wed, 4 May 2005 16:57:46 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: [Full-disclosure] [USN-118-1] PostgreSQL vulnerabilities
User-Agent: Mutt/1.5.9i
X-Spam-Level: 

===========================================================
Ubuntu Security Notice USN-118-1	       May 04, 2005
postgresql vulnerabilities
CAN-2005-1409, CAN-2005-1410
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

postgresql
postgresql-contrib

The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.5 (for Ubuntu 4.10) and 7.4.7-2ubuntu2.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

It was discovered that unprivileged users were allowed to call
internal character conversion functions. However, since these
functions were not designed to be safe against malicious choices of
argument values, this could potentially be exploited to execute
arbitrary code with the privileges of the PostgreSQL server (user
"postgres"). (CAN-2005-1409)

Another vulnerability was found in the "tsearch2" module of
postgresql-contrib. This module declared several functions as
internal, although they did not accept any internal argument; this
breaks the type safety of "internal" by allowing users to construct
SQL commands that invoke other functions accepting "internal"
arguments. This could eventually be exploited to crash the server, or
possibly even execute arbitrary code with the privileges of the
PostgreSQL server. (CAN-2005-1410)

These vulnerabilities must also be fixed in all existing databases
when upgrading. The post-installation script of the updated package
attempts to do this automatically; if the package installs without any
error, all existing databases have been updated to be safe against
above vulnerabilities.  Should the installation fail, please contact
the Ubuntu security team (security@ubuntu.com) immediately.

[...]
Comment 1 Reinhard Max 2005-05-09 10:30:51 UTC 
Reported by me last week already, but no response from the security team yet.

*** This bug has been marked as a duplicate of 81678 ***
Comment 2 Thomas Biege 2009-10-13 21:22:11 UTC 
CVE-2005-1410: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)