Bug 82869 (CVE-2005-1410) - VUL-0: CVE-2005-1410: postgresql code execution
Summary: VUL-0: CVE-2005-1410: postgresql code execution
Status: RESOLVED DUPLICATE of bug 81678
Alias: CVE-2005-1410
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Reinhard Max
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-1410: CVSS v2 Base Score: 2....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-05-09 10:27 UTC by Ludwig Nussel
Modified: 2021-11-08 12:13 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2005-05-09 10:27:07 UTC 
We received the following report via full-disclosure.
The issue is public.

Date: Wed, 4 May 2005 16:57:46 +0200
From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: [Full-disclosure] [USN-118-1] PostgreSQL vulnerabilities
User-Agent: Mutt/1.5.9i
X-Spam-Level: 

===========================================================
Ubuntu Security Notice USN-118-1	       May 04, 2005
postgresql vulnerabilities
CAN-2005-1409, CAN-2005-1410
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

postgresql
postgresql-contrib

The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.5 (for Ubuntu 4.10) and 7.4.7-2ubuntu2.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

It was discovered that unprivileged users were allowed to call
internal character conversion functions. However, since these
functions were not designed to be safe against malicious choices of
argument values, this could potentially be exploited to execute
arbitrary code with the privileges of the PostgreSQL server (user
"postgres"). (CAN-2005-1409)

Another vulnerability was found in the "tsearch2" module of
postgresql-contrib. This module declared several functions as
internal, although they did not accept any internal argument; this
breaks the type safety of "internal" by allowing users to construct
SQL commands that invoke other functions accepting "internal"
arguments. This could eventually be exploited to crash the server, or
possibly even execute arbitrary code with the privileges of the
PostgreSQL server. (CAN-2005-1410)

These vulnerabilities must also be fixed in all existing databases
when upgrading. The post-installation script of the updated package
attempts to do this automatically; if the package installs without any
error, all existing databases have been updated to be safe against
above vulnerabilities.  Should the installation fail, please contact
the Ubuntu security team (security@ubuntu.com) immediately.

[...]
Comment 1 Reinhard Max 2005-05-09 10:30:51 UTC 
Reported by me last week already, but no response from the security team yet.

*** This bug has been marked as a duplicate of 81678 ***
Comment 2 Thomas Biege 2009-10-13 21:22:11 UTC 
CVE-2005-1410: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)