FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6b4b0b3f-8127-11d9-a9e7-0001020eed82postgresql -- multiple buffer overflows in PL/PgSQL parser

The PL/PgSQL parser in postgresql is vulnerable to several buffer overflows. These could be exploited by a remote attacker to execute arbitrary code with the permissions of the postgresql server by running a specially crafted query.


Discovery 2005-02-07
Entry 2005-02-17
Modified 2005-02-19
postgresql
postgresql-server
ja-postgresql
< 7.3.9_1

gt 7.4.* lt 7.4.7_1

gt 8.* lt 8.0.1_1

CVE-2005-0247
http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
486aff57-9ecd-11da-b410-000e0c2e438apostgresql -- character conversion and tsearch2 vulnerabilities

The postgresql development team reports:

The more severe of the two errors is that the functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument values. This problem exists in PostgreSQL 7.3.* through 8.0.*. The recommended fix is to disable public EXECUTE access for these functions. This does not affect normal usage of the functions for character set conversion, but it will prevent misuse.

The other error is that the contrib/tsearch2 module misdeclares several functions as returning type "internal" when they do not have any "internal" argument. This breaks the type safety of "internal" by allowing users to construct SQL commands that invoke other functions accepting "internal" arguments. The consequences of this have not been investigated in detail, but it is certainly at least possible to crash the backend.


Discovery 2005-05-02
Entry 2006-02-16
postgresql
ge 7.2.0 lt 7.2.8

ge 7.3.0 lt 7.3.10

ge 7.4.0 lt 7.4.8

ge 8.0.0 lt 8.0.3

CAN-2005-1409
CAN-2005-1410
http://www.postgresql.org/about/news.315
65c8ecf9-2adb-11db-a6e2-000e0c2e438apostgresql -- multiple vulnerabilities

Multiple vulnerabilities had been reported in various versions of PostgreSQL:

  • The EXECUTE restrictions can be bypassed by using the AGGREGATE function, which is missing a permissions check.
  • A buffer overflow exists in gram.y which could allow an attacker to execute arbitrary code by sending a large number of arguments to a refcursor function, found in gram.y
  • The intagg contributed module allows an attacker to crash the server (Denial of Service) by constructing a malicious crafted array.

Discovery 2005-02-01
Entry 2006-08-13
postgresql
postgresql-server
ja-postgresql
ge 7.2 lt 7.2.7

ge 7.3 lt 7.3.9

ge 7.4 lt 7.4.7

ge 8.0.0 lt 8.0.1

CVE-2005-0244
CVE-2005-0245
CVE-2005-0246
http://secunia.com/advisories/12948
5d425189-7a03-11d9-a9e7-0001020eed82postgresql -- privilege escalation vulnerability

John Heasman and others disovered that non-privileged users could use the LOAD extension to load arbitrary libraries into the postgres server process space. This could be used by non-privileged local users to execute arbitrary code with the privileges of the postgresql server.


Discovery 2005-01-21
Entry 2005-02-08
postgresql
postgresql-server
ja-postgresql
< 7.3.9

gt 7.4.* lt 7.4.7

gt 8.* lt 8.0.1

postgresql-devel
le 8.0.1,1

12411
CVE-2005-0227
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php