Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: a6055.htm

PostgreSQL Remote DoS condition
12th Mar 2003 [SBWID-6055]

	PostgreSQL Remote DoS condition


	versions 7.2.2 and previous


	In Mordred Labs advisory 0x0007:
	PostgreSQL is an advanced object-relational database  management  system
	that  supports  an  extended  subset  of  the  SQL  standard,  including
	transactions, foreign keys,  subqueries,  triggers,  user-defined  types
	and functions. Check for more information.
	Upon connecting to a database,  postmaster  will  fork  a  new  process.
	After that, a child process will call a
	src/backend/postmaster/postmaster.c:DoBackend() routine,
	which     after     processing      a      startup      packet      (see
	will invoke a src/backend/libpq/auth.c:ClientAuthentication() routine to
	perform client authentication. If  there  is  an  entry  in  pg_hba.conf
	file, that matches an attacker's host, an attacker could trigger
	invocation of src/backend/libpq/auth.c:recv_and_check_password0(), which
	fails to detect a DoS condition.
	Consider this snip of code from src/backend/libpq/auth.c:
	static int recv_and_check_password0(Port *port) {
		int32 len;
		char *buf;
		if (pq_getint(&len, 4) == EOF)
			return STATUS_EOF;
		len -= 4;
		buf = palloc(len); /* len is taken from a packet */
	Note, that the size of palloced memory is taken from the user's input.


	Disable network access for untrusted users.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH