Bug#160673: marked as done (postgresql: OPAQUE security problem)

Debian Bug Tracking System Tue, 07 Jun 2005 01:11:10 -0700

Your message dated Tue, 7 Jun 2005 09:48:54 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Closing bugs that only affect woody
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Sep 2002 16:25:01 +0000
>From [EMAIL PROTECTED] Thu Sep 12 11:25:01 2002
Return-path: <[EMAIL PROTECTED]>
Received: from lists.cert.uni-stuttgart.de [129.69.16.16] 
        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
        id 17pWm4-0007sb-00; Thu, 12 Sep 2002 11:25:00 -0500
Received: from rusfw by Lists.CERT.Uni-Stuttgart.DE with local (Exim 4.04)
        id 17pWlz-0005mu-00; Thu, 12 Sep 2002 18:24:55 +0200
Subject: postgresql: OPAQUE security problem
From: "Florian Weimer" <[EMAIL PROTECTED]>
To: "Debian Bug Tracking System" <[EMAIL PROTECTED]>
X-Mailer: reportbug 1.99.50
Date: Thu, 12 Sep 2002 18:24:55 +0200
Message-Id: <[EMAIL PROTECTED]>
Sender: Florian Weimer <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]

Package: postgresql
Version: 7.2.1-4
Severity: grave
Tags: security upstream
Justification: user security hole

A fundamental design problem in the backend code allows authenticated
users who are able to issue SQL statements to crash the backend or read
arbitrary memory.

rusfw=> SELECT byteain(134512640);
       byteain       
---------------------
 \177ELF\001\001\001
(1 row)

rusfw=> 

That's the start of the ELF header of the binary.

Of course, the offset differs from release to release, so you might have
to adjust it.

This is a fundamental design problem; it has been known for some time:

http://archives.postgresql.org/pgsql-bugs/2000-12/msg00084.php

There has been more discussion recently:

http://archives.postgresql.org/pgsql-hackers/2002-08/msg00708.php
http://archives.postgresql.org/pgsql-hackers/2002-08/msg01514.php

I'm not sure if there are any plans to fix it in 7.3, but I doubt it.
The required changes to the type model are not trivial, AFAIK.
As a consequence, you might want to downgrade this bug so that
PostgreSQL updates may propagate to testing.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux CERT 2.4.18-xfs-1.1 #2 Thu Jul 11 15:21:32 CEST 2002 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages postgresql depends on:
ii  adduser                       3.47       Add and remove users and groups
ii  debianutils                   1.16.3     Miscellaneous utilities specific t
ii  libc6                         2.2.5-14   GNU C Library: Shared libraries an
ii  libpam0g                      0.72-35    Pluggable Authentication Modules l
ii  libpgsql2                     7.2.1-4    Shared library libpq.so.2 for Post
ii  libreadline4                  4.3-4      GNU readline and history libraries
ii  libssl0.9.6                   0.9.6g-2   SSL shared libraries
ii  postgresql-client             7.2.1-4    Front-end programs for PostgreSQL
ii  procps                        1:2.0.7-10 The /proc file system utilities.
ii  python2.1                     2.1.3-4    An interactive object-oriented scr
ii  zlib1g                        1:1.1.4-3  compression library - runtime

-- no debconf information


---------------------------------------
Received: (at 160673-done) by bugs.debian.org; 7 Jun 2005 07:49:38 +0000
>From [EMAIL PROTECTED] Tue Jun 07 00:49:37 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail01.pironet-ndh.com [194.64.31.10] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DfYq8-0000wr-00; Tue, 07 Jun 2005 00:49:36 -0700
Received: from mail.fbn-dd.de (mail.fbn-dd.de [195.227.105.178])
        by mail01.pironet-ndh.com (Postfix) with ESMTP id 6F3F637876;
        Tue,  7 Jun 2005 09:48:55 +0200 (CEST)
Received: from sonne.intranet.fbn-dd.de 
(192-168-0-1.transfer-000.intranet.fbn-dd.de [192.168.0.1])
        by mail.fbn-dd.de (Postfix) with ESMTP
        id 562BB1F96F; Tue,  7 Jun 2005 09:48:55 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
        by sonne.intranet.fbn-dd.de (Postfix) with ESMTP
        id 201391FA89; Tue,  7 Jun 2005 09:48:55 +0200 (CEST)
Received: from sonne.intranet.fbn-dd.de (localhost [127.0.0.1])
        by localhost (AvMailGate-2.0.1.16) id 21109-56297235;
        Tue, 07 Jun 2005 09:48:54 +0200
Received: from localhost.localdomain (10-28-130-200.intranet-28-130.fbn-dd.de 
[10.28.130.200])
        by sonne.intranet.fbn-dd.de (Postfix) with ESMTP
        id 8BDF81F9F5; Tue,  7 Jun 2005 09:48:54 +0200 (CEST)
Received: by localhost.localdomain (Postfix, from userid 1000)
        id B7B00300B; Tue,  7 Jun 2005 09:48:54 +0200 (CEST)
Date: Tue, 7 Jun 2005 09:48:54 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED], [EMAIL PROTECTED],
        [EMAIL PROTECTED]
Subject: Closing bugs that only affect woody
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="L2Brqb15TUChFOBK"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.16; AVE: 6.30.0.15; 
VDF: 6.30.0.235; host: sonne)
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
        version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 5


--L2Brqb15TUChFOBK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi!

This bug only affects the Debian Woody version of PostgreSQL. Now the
next stable Debian version "Sarge" is released, thus it does not make
any sense any more to keep them open.

Thanks and have a nice day,

Martin
--=20
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

--L2Brqb15TUChFOBK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCpVFmDecnbV4Fd/IRArbTAJ9oiazDVlKpIZK9ZRi9RoZ2WR3ILwCdGZLX
4ORfiONUOAUih/3LKuYeEwE=
=BYdb
-----END PGP SIGNATURE-----

--L2Brqb15TUChFOBK--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#160673: marked as done (postgresql: OPAQUE security problem)

Reply via email to