Summary
The host is running PostgreSQL and is prone to an integer overflow vulnerability.
Impact
Successful exploitation could allow execution of a specially crafted SQL query which, once processed, would lead to denial of service (PostgreSQL daemon crash).
Impact Level: Application
Solution
Apply the patch:
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=64b057e6823655fb6c5d1f24a28f236b94dd6c54
******
NOTE: Please ignore this warning if the patch is applied.
******
Insight
The flaw is due to an integer overflow error in 'src/backend/executor/nodeHash.c', in the code that calculates the size of the hash table for joined relations.
Affected
PostgreSQL version 8.4.1 and prior and 8.5 through 8.5alpha2
References
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php
- http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php
- http://www.openwall.com/lists/oss-security/2010/03/16/10
- https://bugzilla.redhat.com/show_bug.cgi?id=546621
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-0733
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:N/A:P