Login
Newsletter
Werbung

Sicherheit: Ausführen beliebigen Codes in postgresql
Aktuelle Meldungen Distributionen
Name: Ausführen beliebigen Codes in postgresql
ID: USN-71-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10
Datum: Mi, 2. Februar 2005, 12:00
Referenzen: http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
Applikationen: PostgreSQL

Originalnachricht

===========================================================
Ubuntu Security Notice USN-71-1 February 01, 2005
postgresql vulnerability
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

postgresql

The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

John Heasman discovered a local privilege escalation in the PostgreSQL
server. Any user could use the LOAD extension to load any shared
library into the PostgreSQL server; the library's initialisation
function was then executed with the permissions of the server.

Now the use of LOAD is restricted to the database superuser (usually
'postgres').

Note: Since there is no way for normal database users to create
arbitrary files, this vulnerability is not exploitable remotely, e. g.
by uploading a shared library in the form of a Binary Large Object
(BLOB) to a public web server.

Source archives:

postgresql_7.4.5-3ubuntu0.2.diff.gz
Size/MD5: 144331 061cf00128bc3c1941c72d2eddf56977
postgresql_7.4.5-3ubuntu0.2.dsc
Size/MD5: 991 41e775db9e1ed15977b3f4d24c861f36
postgresql_7.4.5.orig.tar.gz
Size/MD5: 9895913 a295885a36ed8e7ec7a7e887218ceabc

Architecture independent packages:

postgresql-doc_7.4.5-3ubuntu0.2_all.deb
Size/MD5: 2256210 e7ed26ba038d1fbcf9eb18a4635df708

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

libecpg-dev_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 206558 7d450c33ad8832f45a0f57743ca5ac1d
libecpg4_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 90996 3e6974e82554158777071c9f6bde9962
libpgtcl-dev_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 48688 0c24596c6dcd9fffdde1a494030287ac
libpgtcl_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 73600 1eec6f8812e7d1c8ec94e77c2208a9ec
libpq3_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 115460 4eda86cf4da1b60166f5cd53256aca97
postgresql-client_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 518034 45199e8357f4ea6a196e43e793d07d33
postgresql-contrib_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 624240 59ed8ddaf5370496988324f4f3f45f36
postgresql-dev_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 509206 40ea9487834de0da7ba0260b16f80ac2
postgresql_7.4.5-3ubuntu0.2_amd64.deb
Size/MD5: 3879368 d567092150ef9174531f9ef7eedb9582

i386 architecture (x86 compatible Intel/AMD)

libecpg-dev_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 194652 e63083e7b68e5facb1095759463304c7
libecpg4_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 85496 b02590e1b40c0d36c964a15c3178f61b
libpgtcl-dev_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 47672 848a3c03541c57fb747c8e1a8409e01e
libpgtcl_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 70420 8e844642c37fd185e19c8be284a2c93b
libpq3_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 108692 cb71f14954af869699969808c93d9fcc
postgresql-client_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 491886 b47e1d26705e55383183da67a4b505b8
postgresql-contrib_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 577526 00ad106981042d223814f0ed1034aeda
postgresql-dev_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 502382 54821c8808ade7e2978f02922a6c2b72
postgresql_7.4.5-3ubuntu0.2_i386.deb
Size/MD5: 3703024 4d49d93be88f347ebefe8be89ff3cdd5

powerpc architecture (Apple Macintosh G3/G4/G5)

libecpg-dev_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 202940 9d87386c926643474fdb6b703109db78
libecpg4_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 92520 b99191130ca5ed5474c7c82d1ba9b5cc
libpgtcl-dev_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 48424 cee70313e677ff9d3fee835aca786133
libpgtcl_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 77096 d6c9229a48c07118df4593fb52262285
libpq3_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 109698 cdeb831525fd57b7b92d583bdd3f1161
postgresql-client_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 510802 a489315d0c0edb6e4a5058d3e5e8e399
postgresql-contrib_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 636382 f8ad13620901007dd7079761e8fee568
postgresql-dev_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 505916 aa6789978d07d4156d30cda072cc9755
postgresql_7.4.5-3ubuntu0.2_powerpc.deb
Size/MD5: 4102894 3d4a7b34aef6a70ccfb7e3de3a646643





--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung