Gentoo Logo

PostgreSQL: Multiple vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200502-08 / postgresql
Release Date February 07, 2005
Latest Revision June 26, 2007: 06
Impact normal
Exploitable remote and local
Package Vulnerable versions Unaffected versions Architecture(s)
dev-db/postgresql < 7.3.10, < 7.4.7, < 8.0.1 = 7.3*, = 7.4*, >= 8.0.1 All supported architectures

Related bugreports: #80342


PostgreSQL contains several vulnerabilities which could lead to execution of arbitrary code, Denial of Service and security bypass.

2.  Impact Information


PostgreSQL is a SQL compliant, open source object-relational database management system.


PostgreSQL's contains several vulnerabilities:

  • John Heasman discovered that the LOAD extension is vulnerable to local privilege escalation (CAN-2005-0227).
  • It is possible to bypass the EXECUTE permission check for functions (CAN-2005-0244).
  • The PL/PgSQL parser is vulnerable to heap-based buffer overflow (CAN-2005-0244).
  • The intagg contrib module is vulnerable to a Denial of Service (CAN-2005-0246).


An attacker could exploit this to execute arbitrary code with the privileges of the PostgreSQL server, bypass security restrictions and crash the server.

3.  Resolution Information


There is no know workaround at this time.


All PostgreSQL users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql

4.  References


Page updated February 07, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.