<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Full Disclosure: [USN-71-1] PostgreSQL vulnerability

[USN-71-1] PostgreSQL vulnerability

From: Martin Pitt <martin.pitt_at_canonical.com>
Date: Tue, 1 Feb 2005 15:14:48 +0100

===========================================================
Ubuntu Security Notice USN-71-1 February 01, 2005
postgresql vulnerability
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postgresql

The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

John Heasman discovered a local privilege escalation in the PostgreSQL
server. Any user could use the LOAD extension to load any shared
library into the PostgreSQL server; the library's initialisation
function was then executed with the permissions of the server.

Now the use of LOAD is restricted to the database superuser (usually
'postgres').

Note: Since there is no way for normal database users to create
arbitrary files, this vulnerability is not exploitable remotely, e. g.
by uploading a shared library in the form of a Binary Large Object
(BLOB) to a public web server.

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.2.diff.gz
      Size/MD5: 144331 061cf00128bc3c1941c72d2eddf56977
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.2.dsc
      Size/MD5: 991 41e775db9e1ed15977b3f4d24c861f36
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5.orig.tar.gz
      Size/MD5: 9895913 a295885a36ed8e7ec7a7e887218ceabc

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-doc_7.4.5-3ubuntu0.2_all.deb
Size/MD5: 2256210 e7ed26ba038d1fbcf9eb18a4635df708

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 206558 7d450c33ad8832f45a0f57743ca5ac1d
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 90996 3e6974e82554158777071c9f6bde9962
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 48688 0c24596c6dcd9fffdde1a494030287ac
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 73600 1eec6f8812e7d1c8ec94e77c2208a9ec
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 115460 4eda86cf4da1b60166f5cd53256aca97
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 518034 45199e8357f4ea6a196e43e793d07d33
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 624240 59ed8ddaf5370496988324f4f3f45f36
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 509206 40ea9487834de0da7ba0260b16f80ac2
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.2_amd64.deb
      Size/MD5: 3879368 d567092150ef9174531f9ef7eedb9582

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 194652 e63083e7b68e5facb1095759463304c7
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 85496 b02590e1b40c0d36c964a15c3178f61b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 47672 848a3c03541c57fb747c8e1a8409e01e
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 70420 8e844642c37fd185e19c8be284a2c93b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 108692 cb71f14954af869699969808c93d9fcc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 491886 b47e1d26705e55383183da67a4b505b8
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 577526 00ad106981042d223814f0ed1034aeda
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 502382 54821c8808ade7e2978f02922a6c2b72
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.2_i386.deb
      Size/MD5: 3703024 4d49d93be88f347ebefe8be89ff3cdd5

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg-dev_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 202940 9d87386c926643474fdb6b703109db78
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libecpg4_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 92520 b99191130ca5ed5474c7c82d1ba9b5cc
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl-dev_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 48424 cee70313e677ff9d3fee835aca786133
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpgtcl_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 77096 d6c9229a48c07118df4593fb52262285
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/libpq3_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 109698 cdeb831525fd57b7b92d583bdd3f1161
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-client_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 510802 a489315d0c0edb6e4a5058d3e5e8e399
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql/postgresql-contrib_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 636382 f8ad13620901007dd7079761e8fee568
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql-dev_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 505916 aa6789978d07d4156d30cda072cc9755
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql/postgresql_7.4.5-3ubuntu0.2_powerpc.deb
      Size/MD5: 4102894 3d4a7b34aef6a70ccfb7e3de3a646643

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

application/pgp-signature attachment: Digital signature

Received on Feb 01 2005

This message: [ Message body ]
Next message: Andrew Farmer: "Re: Remotely exploitable buffer overflow vulnerability in Savant Web Server 3.1"
Previous message: alphademon: "Call For Papers : HITB Security Conference Bahrain 2005"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]