Vigil@nce - PostgreSQL: buffer overflow of intarray
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the intarray module is installed on PostgreSQL, an
authenticated attacker can create an overflow, in order to execute
code.
Severity: 2/4
Creation date: 01/02/2011
IMPACTED PRODUCTS
– Debian Linux
– Fedora
– Mandriva Corporate
– Mandriva Enterprise Server
– Mandriva Linux
– PostgreSQL
– Red Hat Enterprise Linux
DESCRIPTION OF THE VULNERABILITY
The optional intarray module adds features to PostgreSQL for
processing integer arrays.
The "@@" and " " operators detect whether an array contains given
values. The format of the clause is:
array @@ query_int
For example, to detect whether an integer array contains the value 1
together with either 2 or 3:
myArray @@ 1&(2|3)
However, if the query_int value is too long, a buffer overflow
occurs while it is parsed.
When the intarray module is installed on PostgreSQL, an
authenticated attacker can therefore create an overflow, in order
to execute code.
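The following is an added illustration, not code from PostgreSQL or from the intarray module: a small standalone evaluator for query_int-style clauses such as 1&(2|3) over an int array, written so that every integer token passes through a fixed-size buffer guarded by an explicit length check. It shows the parsing step the bulletin describes and the defensive pattern that prevents an over-long token from writing past a buffer: the input is rejected (return value -1) instead of being copied blindly. The grammar subset (integers, !, &, |, parentheses), the buffer size NUM_BUF and the function names are assumptions made for this example.

```c
/* Added example (not PostgreSQL's intarray code): bounded parser and
 * evaluator for query_int-style clauses such as "1&(2|3)" over an int[].
 * Precedence: '!' binds tightest, then '&', then '|'. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NUM_BUF 16   /* assumed maximum size of the digit buffer for one token */

struct parser {
    const char *s;    /* remaining input */
    const int  *arr;  /* array being tested */
    size_t      n;    /* number of array elements */
    int         err;  /* set to 1 on syntax error or over-long token */
};

static int contains(const struct parser *p, long v)
{
    for (size_t i = 0; i < p->n; i++)
        if (p->arr[i] == v) return 1;
    return 0;
}

static void skip_ws(struct parser *p)
{
    while (isspace((unsigned char)*p->s)) p->s++;
}

static int parse_or(struct parser *p);

static int parse_factor(struct parser *p)
{
    skip_ws(p);
    if (*p->s == '!') { p->s++; return !parse_factor(p); }
    if (*p->s == '(') {
        p->s++;
        int v = parse_or(p);
        skip_ws(p);
        if (*p->s != ')') { p->err = 1; return 0; }
        p->s++;
        return v;
    }
    if (isdigit((unsigned char)*p->s)) {
        char buf[NUM_BUF];
        size_t len = 0;
        /* The guard: stop before the buffer is full and flag the input,
         * rather than copying digits past the end of buf. */
        while (isdigit((unsigned char)*p->s)) {
            if (len + 1 >= NUM_BUF) { p->err = 1; return 0; }
            buf[len++] = *p->s++;
        }
        buf[len] = '\0';
        return contains(p, strtol(buf, NULL, 10));
    }
    p->err = 1;   /* unexpected character or end of input */
    return 0;
}

static int parse_and(struct parser *p)
{
    int v = parse_factor(p);
    for (;;) {
        skip_ws(p);
        if (*p->s != '&') return v;
        p->s++;
        int r = parse_factor(p);   /* always parse, so errors are not skipped */
        v = v && r;
    }
}

static int parse_or(struct parser *p)
{
    int v = parse_and(p);
    for (;;) {
        skip_ws(p);
        if (*p->s != '|') return v;
        p->s++;
        int r = parse_and(p);
        v = v || r;
    }
}

/* Returns 1 if arr matches query, 0 if it does not, and -1 if the query
 * is malformed or contains a token longer than the buffer allows. */
int query_int_match(const int *arr, size_t n, const char *query)
{
    struct parser p = { query, arr, n, 0 };
    int v = parse_or(&p);
    skip_ws(&p);
    if (p.err || *p.s != '\0') return -1;
    return v;
}

int main(void)
{
    int a[] = { 1, 5, 3 };   /* constructed sample array */
    printf("%d\n", query_int_match(a, 3, "1&(2|3)"));                 /* 1 */
    printf("%d\n", query_int_match(a, 3, "!1"));                      /* 0 */
    printf("%d\n", query_int_match(a, 3, "11111111111111111111&1"));  /* -1 */
    return 0;
}
```

The point of the example is the single length check inside parse_factor: without it, a query_int value with more digits than the buffer holds would overwrite adjacent stack memory, which is the class of defect the bulletin reports. Rejecting the input with an error code keeps the caller in control.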
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PostgreSQL-buffer-overflow-of-intarray-10320