CVE-2005-0247
CVSS6.5
发布时间 :2005-05-02 00:00:00
修订时间 :2016-10-17 23:09:05
NMCO    

[原文]Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.


[CNNVD]PostgreSQL多个远程漏洞(CNNVD-200505-781)

        PostgreSQL 8.0.1及更早版本中的gram.y存在多个缓冲区溢出,攻击者可以通过(1)由read_sql_construct函数处理的SQL语句中的大量的变量, (2)由make_select_stmta函数处理的SELECT语句中的大量INTO变量,(3)由make_select_stmt函数处理的SELECT语句中的大量任意变量,以及(4)由make_fetch_stmt函数处理的FETCH语句中的大量INTO变量,来执行任意代码,是和CVE-2005-0245不同的一组漏洞。

- CVSS (基础分值)

CVSS分值: 6.5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:postgresql:postgresql:7.2.6
cpe:/a:postgresql:postgresql:7.3.5
cpe:/a:postgresql:postgresql:7.4.4PostgreSQL PostgreSQL 7.4.4
cpe:/a:postgresql:postgresql:7.2.5
cpe:/a:postgresql:postgresql:7.3.4
cpe:/a:postgresql:postgresql:7.4.3PostgreSQL PostgreSQL 7.4.3
cpe:/a:postgresql:postgresql:7.2.4
cpe:/a:postgresql:postgresql:7.3.3
cpe:/a:postgresql:postgresql:7.4.2PostgreSQL PostgreSQL 7.4.2
cpe:/a:postgresql:postgresql:7.2.3
cpe:/a:postgresql:postgresql:7.3.2
cpe:/a:postgresql:postgresql:7.4.1PostgreSQL PostgreSQL 7.4.1
cpe:/a:postgresql:postgresql:7.3.9
cpe:/a:postgresql:postgresql:7.3.8
cpe:/a:postgresql:postgresql:7.4.7PostgreSQL PostgreSQL 7.4.7
cpe:/a:postgresql:postgresql:7.3.7
cpe:/a:postgresql:postgresql:7.4.6PostgreSQL PostgreSQL 7.4.6
cpe:/a:postgresql:postgresql:7.2.7
cpe:/a:postgresql:postgresql:7.3.6
cpe:/a:postgresql:postgresql:7.4.5PostgreSQL PostgreSQL 7.4.5
cpe:/a:postgresql:postgresql:8.0.1PostgreSQL PostgreSQL 8.0.1
cpe:/a:postgresql:postgresql:8.0.0
cpe:/a:postgresql:postgresql:7.2.2
cpe:/a:postgresql:postgresql:7.3.1
cpe:/a:postgresql:postgresql:7.2.1
cpe:/a:postgresql:postgresql:7.4PostgreSQL PostgreSQL 7.4
cpe:/a:postgresql:postgresql:7.3 PostgreSQL 7.3
cpe:/a:postgresql:postgresql:7.2 PostgreSQL 7.2

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9345Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0247
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0247
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-781
(官方数据源) CNNVD

- 其它链接及资源

http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
(PATCH)  MLIST  [pgsql-committers] 20050207 pgsql: Prevent 4 more buffer overruns in the PL/PgSQL parser.
http://marc.info/?l=bugtraq&m=110806034116082&w=2
(UNKNOWN)  BUGTRAQ  20050210 [USN-79-1] PostgreSQL vulnerabilities
http://www.debian.org/security/2005/dsa-683
(UNKNOWN)  DEBIAN  DSA-683
http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200502-19
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
(UNKNOWN)  MANDRAKE  MDKSA-2005:040
http://www.novell.com/linux/security/advisories/2005_27_postgresql.html
(VENDOR_ADVISORY)  SUSE  SUSE-SA:2005:027
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
(UNKNOWN)  SUSE  SUSE-SA:2005:036
http://www.redhat.com/support/errata/RHSA-2005-138.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:138
http://www.redhat.com/support/errata/RHSA-2005-150.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:150
http://www.securityfocus.com/bid/12417
(UNKNOWN)  BID  12417
http://xforce.iss.net/xforce/xfdb/19375
(PATCH)  XF  postgresql-readsqlconstruct-bo(19375)
http://xforce.iss.net/xforce/xfdb/19376
(PATCH)  XF  postgresql-makeselectstmt-input-bo(19376)
http://xforce.iss.net/xforce/xfdb/19377
(PATCH)  XF  postgresql-makeselectstmt-arbitrary-bo(19377)
http://xforce.iss.net/xforce/xfdb/19378
(PATCH)  XF  postgresql-fetch-makefetchstmt-bo(19378)

- 漏洞信息

PostgreSQL多个远程漏洞
中危 缓冲区溢出
2005-05-02 00:00:00 2009-02-03 00:00:00
远程  
        PostgreSQL 8.0.1及更早版本中的gram.y存在多个缓冲区溢出,攻击者可以通过(1)由read_sql_construct函数处理的SQL语句中的大量的变量, (2)由make_select_stmta函数处理的SELECT语句中的大量INTO变量,(3)由make_select_stmt函数处理的SELECT语句中的大量任意变量,以及(4)由make_fetch_stmt函数处理的FETCH语句中的大量INTO变量,来执行任意代码,是和CVE-2005-0245不同的一组漏洞。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        RedHat Fedora Core2
        RedHat postgresql-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-contrib-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-contrib-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-debuginfo-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-debuginfo-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-devel-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-devel-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-docs-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-docs-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-jdbc-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-jdbc-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-libs-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-libs-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-pl-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-pl-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-python-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-python-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-server-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-server-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-tcl-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-tcl-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-test-7.4.7-1.FC2.2.i386.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat postgresql-test-7.4.7-1.FC2.2.x86_64.rpm
        Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat Fedora Core3
        RedHat postgresql-7.4.7-1.FC3.2.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat postgresql-7.4.7-1.FC3.2.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat postgresql-contrib-7.4.7-1.FC3.2.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat postgresql-contrib-7.4.7-1.FC3.2.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat postgresql-debuginfo-7.4.7-1.FC3.2.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat postgresql-debuginfo-7.4.7-1.FC3.2.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat postgresql-devel-7.4.7-1.FC3.2.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat postgresql-devel-7.4.7-1.FC3.2.x86_64.rpm
        Fedora Core 3
        http://

- 漏洞信息

13893
PostgreSQL read_sql_construct SQL Variables Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-02-12 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站