PostgreSQL: denial of service via enum_recv
Synthesis of the vulnerability
An authenticated attacker can call enum_recv, in order to read the memory of PostgreSQL, or to stop it.Impacted products: Debian
, Mandriva Linux
907892, BID-57844, CERTA-2013-AVI-103, CVE-2013-0255, DSA-2630-1, FEDORA-2013-2123, FEDORA-2013-2152, MDVSA-2013:012, MDVSA-2013:142, openSUSE-SU-2013:0318-1, openSUSE-SU-2013:0319-1, RHSA-2013:1475-01, VIGILANCE-VUL-12390.
Description of the vulnerability
PostgreSQL supports enumerated types. For example:
CREATE TYPE color AS ENUM ('red', 'green', 'blue');
The enum_recv function reads an enumerated type. However, it is not correctly declared, and it can read outside an array.
An authenticated attacker can therefore call enum_recv, in order to read the memory of PostgreSQL, or to stop it.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides an applications vulnerabilities database
. The technology watch team tracks security threats targeting the computer system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities.