|
|
CVE Reference: CVE-2005-0247 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-0247 |
|
|
Description: Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/19378 http://xforce.iss.net/xforce/xfdb/19377 http://xforce.iss.net/xforce/xfdb/19376 http://xforce.iss.net/xforce/xfdb/19375 SUSE http://www.novell.com/linux/security/advisories/2005_36_sudo.html http://www.novell.com/linux/security/advisories/2005_27_postgresql.html REDHAT http://www.redhat.com/support/errata/RHSA-2005-150.html http://www.redhat.com/support/errata/RHSA-2005-138.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9345 MLIST http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2005:040 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml DEBIAN http://www.debian.org/security/2005/dsa-683 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=110806034116082&w=2 BID 12417 |
|
| Return to the previous page. |
