USN-1058-1Executive Summary
| Summary | |
|---|---|
| Title | PostgreSQL vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-1058-1 | First vendor Publication | 2011-02-03 |
| Vendor | Ubuntu | Last vendor Modification | 2011-02-03 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 8 | Authentification | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postgresql-contrib-8.1 8.1.23-0ubuntu0.6.06.1 Ubuntu 8.04 LTS: postgresql-contrib-8.3 8.3.14-0ubuntu8.04 Ubuntu 9.10: postgresql-contrib-8.4 8.4.7-0ubuntu0.9.10 Ubuntu 10.04 LTS: postgresql-contrib-8.4 8.4.7-0ubuntu0.10.04 Ubuntu 10.10: postgresql-contrib-8.4 8.4.7-0ubuntu0.10.10 In general, a standard system update will make all the necessary changes. Details follow: Geoff Keating reported that a buffer overflow exists in the intarray module's input function for the query_int type. This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-1058-1 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-189 | Numeric Errors |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 70740 | PostgreSQL intarray Module contrib/intarray/_int_bool.c gettoken() Function O... |
(Medium)
