|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
Keywords |
rPath Security Advisory: 2006-0080-1
|
|
Description |
PostgreSQL contains a flaw that may allow a malicious user to bypass security restrictions and execute arbitrary SQL commands. The issue is triggered due to an error when escaping ASCII single quote "'" characters (by turning them into "\'") and operating in multibyte encodings (e.g. SJIS, BIG5, GBK, GB18030, or UHC) that allow using the "0x5c" ASCII code (backslash) as the trailing byte of a multibyte character. It is possible that the flaw may allow SQL injection attacks resulting in a loss of confidentiality and integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Rumored / Private
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 7.3.15, 7.4.13, 8.0.8, 8.1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
PostgreSQL
 |
8.1.3 |
8.0.7 |
7.4.12 |
7.3.14 |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|