Bug 55714 (CVE-2004-0547) - VUL-0: CVE-2004-0547: buffer overflow in postgresql
Status: RESOLVED FIXED
Duplicates: 56713
Alias: CVE-2004-0547
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: CVE-2004-0547: CVSS v2 Base Score: 5....
Reported: 2004-05-17 21:00 UTC by Ludwig Nussel
Modified: 2021-10-14 08:36 UTC

Attachments
proposed patch from debian (5.98 KB, patch)
2004-05-17 21:01 UTC, Sebastian Krahmer
proposed patchinfo for <= 8.1 (728 bytes, text/plain)
2004-05-18 21:44 UTC, Ludwig Nussel
proposed patchinfo for 8.2+ (738 bytes, text/plain)
2004-05-18 21:45 UTC, Ludwig Nussel
proposed patchinfo for sles8 (552 bytes, text/plain)
2004-05-18 21:46 UTC, Ludwig Nussel

Description Sebastian Krahmer 2004-05-17 21:00:06 UTC
Date: Sun, 16 May 2004 08:57:45 +0200
From: Martin Schulze <joey@infodrom.org>
To: vendor-sec@lst.de
Subject: [vendor-sec] Problem in PostgreSQL/ODBC
Parts/Attachments:
   1 Shown     19 lines  Text
   2   OK     169 lines  Text
----------------------------------------

A buffer overflow has been discovered in the ODBC driver of PostgreSQL,
an object-relational SQL database, descended from POSTGRES.  It is possible
to exploit this problem and crash the surrounding application.  Hence, a
PHP script using php4-odbc can be utilised to crash the surrounding
Apache webserver.  Other parts of postgresql are not affected.

This problem was reported through the Debian Bug Tracking System:
http://bugs.debian.org/247306

Our maintainer has already informed upstream and sent them a patch.

I'm including the patch against version 7.2.1.

Regards,
Joey
Comment 1 Sebastian Krahmer 2004-05-17 21:00:06 UTC
...
Comment 2 Sebastian Krahmer 2004-05-17 21:01:48 UTC
Created attachment 19739
proposed patch from debian

...
Comment 3 Sebastian Krahmer 2004-05-18 17:39:09 UTC
Huh, what was the package name again?? I think I edited the field
when I made the entry but it seemed to disappear. It was some odd name...
Comment 4 Reinhard Max 2004-05-18 17:52:35 UTC
It depends on what version(s) we are talking about.
Previously it was a subpackage of postgresql called postgresql-odbc, but then it
became a separate project, and so I put it into a separate package and gave it
the same name as the project: psqlODBC.
Comment 5 Sebastian Krahmer 2004-05-18 17:55:03 UTC
So we need different patchinfo files?
Comment 6 Reinhard Max 2004-05-18 18:00:32 UTC
I think so, but I am not so familiar with patchinfo files.
BTW, which versions are affected?
Comment 7 Sebastian Krahmer 2004-05-18 18:06:45 UTC
We will create patchinfo files, if you tell us which packages for
which distros you checked in :-)
The patch is probably needed for any version that has
make_string(const char *s, int len, char *buf) since they add a size
parameter in the patch.
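
An illustration of the point in comment 7, added here and not taken from the Debian patch or the psqlODBC source: a copy helper with the three-argument signature cannot bound its write, while one that also receives the destination size can. The function bodies, the `_unbounded`/`_bounded` name suffixes, the `bufsize` parameter name and the sample struct are assumptions; only the signature `make_string(const char *s, int len, char *buf)` comes from this page.

```c
#include <stddef.h>
#include <string.h>

#define SQL_NTS (-3)  /* ODBC marker: s is NUL-terminated, compute its length */

/* Pre-patch shape (assumed body): the callee cannot know how large buf is,
 * so a caller-supplied string longer than the destination runs past its end. */
char *make_string_unbounded(const char *s, int len, char *buf)
{
    size_t n;
    if (!s || !buf || (len < 0 && len != SQL_NTS))
        return NULL;
    n = (len == SQL_NTS) ? strlen(s) : (size_t)len;
    memcpy(buf, s, n);              /* no check against the destination size */
    buf[n] = '\0';
    return buf;
}

/* Post-patch shape (assumed body): the destination size travels with the
 * pointer and the copy is clamped to bufsize - 1, leaving room for the NUL. */
char *make_string_bounded(const char *s, int len, char *buf, size_t bufsize)
{
    size_t n;
    if (!s || !buf || bufsize == 0 || (len < 0 && len != SQL_NTS))
        return NULL;
    n = (len == SQL_NTS) ? strlen(s) : (size_t)len;
    if (n >= bufsize)
        n = bufsize - 1;            /* truncate instead of overflowing */
    memcpy(buf, s, n);
    buf[n] = '\0';
    return buf;
}

/* Constructed check: copy a 40-byte value into a 16-byte field that sits next
 * to a guard word. Returns 1 if the guard is intact and the field holds
 * exactly 15 characters plus the terminator. */
int bounded_copy_keeps_guard(void)
{
    struct { char field[16]; unsigned guard; } conn;
    const char *input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 bytes */
    conn.guard = 0xC0FFEEu;
    if (!make_string_bounded(input, SQL_NTS, conn.field, sizeof conn.field))
        return 0;
    return conn.guard == 0xC0FFEEu && strlen(conn.field) == 15;
}

int main(void) { return bounded_copy_keeps_guard() ? 0 : 1; }
```

When auditing a package version for this class of bug, every call site of the three-argument form has to be checked against the size of the buffer it passes, since the callee offers no protection.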
Comment 8 Reinhard Max 2004-05-18 18:11:52 UTC
postgresql-odbc for all SLES8/UL1 and the box up to 8.1
psqlODBC for SLS9 and the box starting from 8.2
Comment 9 Ludwig Nussel 2004-05-18 21:08:00 UTC
will SLES9 include the fixed package or is a patchinfo for that required as 
well? 
Comment 10 Reinhard Max 2004-05-18 21:16:45 UTC
No patchinfo is needed for SLES9, because it hasn't been released yet.
Comment 11 Ludwig Nussel 2004-05-18 21:44:30 UTC
Created attachment 19838
proposed patchinfo for <= 8.1
Comment 12 Ludwig Nussel 2004-05-18 21:45:19 UTC
Created attachment 19839
proposed patchinfo for 8.2+
Comment 13 Ludwig Nussel 2004-05-18 21:46:05 UTC
Created attachment 19840
proposed patchinfo for sles8
Comment 14 Ludwig Nussel 2004-05-24 17:38:33 UTC
are you making progress with integrating the patch into the packages? 
Comment 15 Reinhard Max 2004-05-24 17:41:44 UTC
Yes, SLES8 is done, but not yet submitted.
Comment 16 Reinhard Max 2004-05-25 22:50:43 UTC
Submitted packages for 8.0, sles8/8.1, 8.2, 9.0, 9.1/sles9, and STABLE.
Comment 17 Ludwig Nussel 2004-05-26 17:11:32 UTC
Reopened by lnussel@suse.de at Wed May 26 11:11:32 2004, took initial reporter krahmer@suse.de to cc
Comment 18 Ludwig Nussel 2004-05-26 17:11:32 UTC
reopen to reassign to security-team for further tracking 
Comment 19 Thomas Biege 2004-05-28 17:20:34 UTC
Thanks... 
Comment 20 Ludwig Nussel 2004-06-07 17:05:52 UTC
*** Bug 56713 has been marked as a duplicate of this bug. ***
Comment 21 Thomas Biege 2004-06-29 19:43:28 UTC
packages approved 
Comment 22 Marcus Meissner 2007-10-29 19:24:59 UTC
CVE-2004-0547
Comment 23 Thomas Biege 2009-10-13 20:22:48 UTC
CVE-2004-0547: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)