Sponsor
FREE Network Mapping Tool for Microsoft® Office Visio® Professional 2007
Don't map your network by hand - let LANsurveyor Exx press for Microsoft Visio Professional 2007 automatically create network diagrams for you!

Re: [BUGS] Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10: msg#00017

db.postgresql.odbc

Subject:	Re: [BUGS] Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)

Martin Pitt wrote:
> A week ago we at Debian received the bug report below: due to a
> buffer overflow in psqlodbc it is possible to crash (and possibly
> exploit) apache. I already sent this mail to the psqlodbc list [1],
> but unfortunately got no response so far. So maybe there are some
> hackers here who can help with this?

The problem is that the ODBC driver just writes the long user name or
password into its internal data structures without paying attention the
fact that it's only got 256 bytes of space. (function PGAPI_Connect in
file connection.c) It's the oldest bug in the book really.

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

<Prev in Thread]	Current Thread	[Next in Thread>

Previous by Date:	Updating a ADO RecordSet with INNER JOIN..., Thomas LeBlanc
Next by Date:	Bug#247306: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)], Martin Pitt
Previous by Thread:	Updating a ADO RecordSet with INNER JOIN..., Thomas LeBlanc
Next by Thread:	Bug#247306: Fix for buffer overflow ready [was: Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes)], Martin Pitt
Indexes:	[Date] [Thread] [Top] [All Lists]

Sponsor
FREE Network Mapping Tool for Microsoft® OfficeVisio Professional 2007
Don't map your network by hand - let LANsurveyor Express for Microsoft Visio Professional 2007
automatically create network diagrams for you!

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation

Home | sitemap | advertise | OSDir is an inevitable website. super tiny logo