Vigil@nce: PostgreSQL, denial of service via the encoding conversion
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker authenticated on PostgreSQL can generate an error
during the character encoding conversion in order to create a
temporary denial of service.
Gravity: 1/4
Consequences: denial of service
Provenance: user account
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 18/03/2009
IMPACTED PRODUCTS
– PostgreSQL
DESCRIPTION OF THE VULNERABILITY
The "CREATE DEFAULT CONVERSION" command is a PostgreSQL extension
used to define a conversion between character encodings (LATIN1,
UTF8, etc.).
When an error occurs, PostgreSQL returns an error message to the
client, after converting it to the client's encoding (defined by
"set client_encoding"). This conversion is done by the conversion
functions defined by "CREATE DEFAULT CONVERSION".
However, a local attacker can use "CREATE DEFAULT CONVERSION" to
create an invalid function. The next error message is then
converted with this invalid function, which itself raises an error,
and so on. An infinite recursion thus occurs and temporarily locks
the database.
An attacker authenticated on PostgreSQL can therefore generate an
error during the character encoding conversion in order to create
a temporary denial of service.
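As an added example (not part of the Vigil@nce bulletin), the
following catalog queries let an administrator list conversions
created outside the built-in pg_catalog schema and see which roles
hold the schema CREATE privilege that CREATE CONVERSION requires.
The column aliases are illustrative.

```sql
-- 1. Conversions that are not PostgreSQL built-ins.
--    Built-in conversions live in the pg_catalog schema, so anything
--    returned here was added with CREATE [DEFAULT] CONVERSION.
--    Rows with is_default = true are the ones PostgreSQL picks
--    automatically when converting between server and client encodings.
SELECT n.nspname                                         AS schema_name,
       c.conname                                         AS conversion_name,
       pg_catalog.pg_get_userbyid(c.conowner)            AS owner,
       pg_catalog.pg_encoding_to_char(c.conforencoding)  AS source_encoding,
       pg_catalog.pg_encoding_to_char(c.contoencoding)   AS dest_encoding,
       c.conproc                                         AS conversion_function,
       c.condefault                                      AS is_default
FROM pg_catalog.pg_conversion c
JOIN pg_catalog.pg_namespace n ON n.oid = c.connamespace
WHERE n.nspname <> 'pg_catalog'
ORDER BY c.condefault DESC, n.nspname, c.conname;

-- 2. Roles able to create objects (conversions included) in each
--    non-system schema. Superusers always appear; review the others.
SELECT n.nspname AS schema_name,
       r.rolname AS role_name
FROM pg_catalog.pg_namespace n
CROSS JOIN pg_catalog.pg_roles r
WHERE n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND pg_catalog.has_schema_privilege(r.rolname, n.nspname, 'CREATE')
ORDER BY n.nspname, r.rolname;
```

An empty result from the first query means only the built-in
conversions are present in the database being inspected; run it in
each database, since pg_conversion is a per-database catalog.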
CHARACTERISTICS
Identifiers: 488156, BID-34090, CVE-2009-0922, VIGILANCE-VUL-8542
http://vigilance.fr/vulnerability/PostgreSQL-denial-of-service-via-the-encoding-conversion-8542