CVE-2005-0247 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-0247
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-0247

Description: Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/19378 http://xforce.iss.net/xforce/xfdb/19377 http://xforce.iss.net/xforce/xfdb/19376 http://xforce.iss.net/xforce/xfdb/19375 SUSE http://www.novell.com/linux/security/advisories/2005_36_sudo.html http://www.novell.com/linux/security/advisories/2005_27_postgresql.html REDHAT http://www.redhat.com/support/errata/RHSA-2005-150.html http://www.redhat.com/support/errata/RHSA-2005-138.html MLIST http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php MANDRAKE http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:040 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml DEBIAN http://www.debian.org/security/2005/dsa-683 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=110806034116082&w=2 BID 12417

Return to the previous page.