Description
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system was in a state that would cause the standard library functions to fail (for example, memory exhaustion), an authenticated user could possibly exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file.
Report
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
CloudForms Management Engine 5 | postgresql | Affected | | |
CloudForms Management Engine 5 | postgresql92-postgresql | Affected | | |
Red Hat Enterprise Linux 5 | postgresql | Affected | | |
Red Hat Enterprise Linux 5 | postgresql84 | Affected | | |
Red Hat Satellite 5.7 | postgresql92 | Affected | | |
Red Hat Enterprise Linux 6 | postgresql | Fixed | RHSA-2015:1194 | 29.06.2015 |
Red Hat Enterprise Linux 7 | postgresql | Fixed | RHSA-2015:1194 | 29.06.2015 |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | postgresql92-postgresql | Fixed | RHSA-2015:1195 | 29.06.2015 |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-postgresql94-postgresql | Fixed | RHSA-2015:1196 | 29.06.2015 |
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | postgresql92-postgresql | Fixed | RHSA-2015:1195 | 29.06.2015 |
Additional information
Status:
CVSS2: 4 Medium