Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
DB:POSTGRESQL:DATETIME-BO-1 |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
PostgreSQL Database Datetime Buffer Overflow 1 |
Release Date |
2015/12/14 |
Update Number |
2588 |
Supported Platforms |
idp-4.1+, isg-3.5+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
DB: PostgreSQL Database Datetime Buffer Overflow 1
A code execution vulnerability has been found in PostgreSQL database server. The vulnerability is due to a stack buffer overflow when handling the Datetime string. A remote attacker can exploit the vulnerability by sending a malicious request to the target server. Successful exploitation could cause a stack buffer overflow resulting in code execution in the context of the the affected service. Unsuccessful attacks can crash the target service process to cause a denial of service condition.
Extended Description
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
Affected Products
- Postgresql postgresql 8.4.1
- Postgresql postgresql 8.4.10
- Postgresql postgresql 8.4.11
- Postgresql postgresql 8.4.12
- Postgresql postgresql 8.4.13
- Postgresql postgresql 8.4.14
- Postgresql postgresql 8.4.15
- Postgresql postgresql 8.4.16
- Postgresql postgresql 8.4.17
- Postgresql postgresql 8.4.18
- Postgresql postgresql 8.4.19
- Postgresql postgresql 8.4.2
- Postgresql postgresql 8.4.3
- Postgresql postgresql 8.4.4
- Postgresql postgresql 8.4.5
- Postgresql postgresql 8.4.6
- Postgresql postgresql 8.4.7
- Postgresql postgresql 8.4.8
- Postgresql postgresql 8.4.9
- Postgresql postgresql 9.0
- Postgresql postgresql 9.0.1
- Postgresql postgresql 9.0.10
- Postgresql postgresql 9.0.11
- Postgresql postgresql 9.0.12
- Postgresql postgresql 9.0.13
- Postgresql postgresql 9.0.14
- Postgresql postgresql 9.0.15
- Postgresql postgresql 9.0.2
- Postgresql postgresql 9.0.3
- Postgresql postgresql 9.0.4
- Postgresql postgresql 9.0.5
- Postgresql postgresql 9.0.6
- Postgresql postgresql 9.0.7
- Postgresql postgresql 9.0.8
- Postgresql postgresql 9.0.9
- Postgresql postgresql 9.1
- Postgresql postgresql 9.1.1
- Postgresql postgresql 9.1.10
- Postgresql postgresql 9.1.11
- Postgresql postgresql 9.1.2
- Postgresql postgresql 9.1.3
- Postgresql postgresql 9.1.4
- Postgresql postgresql 9.1.5
- Postgresql postgresql 9.1.6
- Postgresql postgresql 9.1.7
- Postgresql postgresql 9.1.8
- Postgresql postgresql 9.1.9
- Postgresql postgresql 9.2
- Postgresql postgresql 9.2.1
- Postgresql postgresql 9.2.2
- Postgresql postgresql 9.2.3
- Postgresql postgresql 9.2.4
- Postgresql postgresql 9.2.5
- Postgresql postgresql 9.2.6
- Postgresql postgresql 9.3
- Postgresql postgresql 9.3.1
- Postgresql postgresql 9.3.2
References
- CVE: CVE-2014-0063