Wind River Support Network

Fixed

LIN6-10109 : Security Advisory - postgresql - CVE-2015-0244

Created: Jul 7, 2015
Updated: Dec 3, 2018
Resolved Date: Jul 8, 2015
Previous ID: LIN4-32857
Found In Version: 6.0.0.20
Fix Version: 6.0.0.23
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

The PostgreSQL project reports the following issue:

If any error occurred while the server was in the middle of reading a protocol message from the client, it could lose synchronization and incorrectly try to interpret part of the message's data as a new protocol message. An attacker able to submit crafted binary data within a command parameter might succeed in injecting his own SQL commands this way. Statement timeout and query cancellation are the most likely sources of errors triggering this scenario. Particularly vulnerable are applications that use a timeout and also submit arbitrary user-crafted data as binary query parameters. Disabling statement timeout will reduce, but not eliminate, the risk of exploit.
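As an added illustration (not Wind River's or PostgreSQL's code, and not the upstream patch), a simplified Python model of the loss of synchronization the advisory describes: messages use v3-style framing (a type byte plus an int32 length that counts itself), a handler is interrupted part-way through a message's payload, and the hardened reader uses the length prefix to discard the remainder of the interrupted message before reading the next one. The `Timeout` stand-in, the message types and the sample byte stream are constructed for this example.

```python
import struct

class Timeout(Exception):
    """Stands in for a statement timeout or query cancel firing mid-message."""

def frame(msg_type: bytes, payload: bytes) -> bytes:
    # v3-style frame: one type byte, an int32 length that counts itself, then the payload
    return msg_type + struct.pack("!i", 4 + len(payload)) + payload

def read_messages(stream: bytes, fail_after: int, resync_on_error: bool):
    """Simulated backend read loop. The handler of the first message raises Timeout
    after consuming `fail_after` payload bytes; returns the messages the server acted on."""
    pos, acted_on, interrupted = 0, [], False
    while pos + 5 <= len(stream):
        msg_type = stream[pos:pos + 1]
        (length,) = struct.unpack("!i", stream[pos + 1:pos + 5])
        body_start, body_end = pos + 5, pos + 1 + length
        pos = body_start
        try:
            while pos < body_end:  # handler consumes parameter bytes one at a time
                if not interrupted and pos - body_start == fail_after:
                    interrupted = True
                    raise Timeout()
                pos += 1
            acted_on.append((msg_type, stream[body_start:body_end]))
        except Timeout:
            acted_on.append((b"E", b"timeout"))
            if resync_on_error:
                pos = body_end  # hardened: skip to the message boundary before reading on
            # vulnerable: pos is left inside the payload, so client-supplied parameter
            # bytes are read next as if they were a fresh protocol message
    return acted_on

# Constructed sample: a Bind-like message whose binary parameter bytes happen to form a
# complete simple-query frame, followed by a Sync message.
SMUGGLED = frame(b"Q", b"SELECT 1\x00")
SAMPLE_STREAM = frame(b"B", b"\x00\x01" + SMUGGLED) + frame(b"S", b"")

if __name__ == "__main__":
    print("vulnerable:", read_messages(SAMPLE_STREAM, 2, False))
    print("hardened:  ", read_messages(SAMPLE_STREAM, 2, True))
```

With the error raised after two payload bytes, the vulnerable reader acts on the embedded `Q` frame as a new message, while the hardened reader only sees the error and the following Sync.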

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
