
PostgreSQL Remote DoS condition
12th Mar 2003 [SBWID-6055]
COMMAND

	PostgreSQL Remote DoS condition

SYSTEMS AFFECTED

	versions 7.2.2 and previous

PROBLEM

	In Mordred Labs advisory 0x0007:
	
	PostgreSQL is an advanced object-relational database management system
	that supports an extended subset of the SQL standard, including
	transactions, foreign keys, subqueries, triggers, user-defined types
	and functions. Check http://www.postgresql.org for more information.
	
	
	Upon connecting to a database, postmaster forks a new process. The
	child process then calls the
	src/backend/postmaster/postmaster.c:DoBackend() routine, which, after
	processing a startup packet (see src/include/libpq/pqcomm.h), invokes
	the src/backend/libpq/auth.c:ClientAuthentication() routine to perform
	client authentication. If there is an entry in the pg_hba.conf file
	that matches an attacker's host, the attacker could trigger invocation
	of src/backend/libpq/auth.c:recv_and_check_password0(), which fails to
	detect a DoS condition.
	
	
	
	 Details
	 =======
	
	Consider this snip of code from src/backend/libpq/auth.c:
	
	
	[snip]
	static int recv_and_check_password0(Port *port) {
		int32 len;
		char *buf;
	
		if (pq_getint(&len, 4) == EOF)
			return STATUS_EOF;
		len -= 4;
		buf = palloc(len); /* len is taken from a packet */
	[snip]
	
	
	Note that the size of the palloc'ed memory is taken from the user's input.
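
A bounded version of the length handling shown above, as an added example (not PostgreSQL source and not the project's fix). The function names, status codes and the 1024-byte MAX_PASSWORD_PACKET cap are assumptions made for illustration, and malloc stands in for palloc.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes and size cap for this example (not PostgreSQL's). */
enum { PKT_TRUNCATED = -1, PKT_BAD_LEN = -2, PKT_NOMEM = -3 };
#define MAX_PASSWORD_PACKET 1024u

/*
 * Parse one packet: a 4-byte big-endian length that counts itself, then the
 * body. Returns the body length and a NUL-terminated copy in *out, or a
 * negative status. Nothing is allocated until the length has been checked.
 */
long read_password_packet(const uint8_t *in, size_t in_len, char **out)
{
    uint32_t wire_len;
    size_t body_len;

    *out = NULL;
    if (in_len < 4)
        return PKT_TRUNCATED;
    wire_len = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
               ((uint32_t)in[2] << 8) | (uint32_t)in[3];

    /* Check both bounds before subtracting: below 4 the subtraction wraps. */
    if (wire_len < 4 || wire_len > MAX_PASSWORD_PACKET)
        return PKT_BAD_LEN;
    body_len = wire_len - 4;
    if (body_len > in_len - 4)      /* peer declared more than it sent */
        return PKT_TRUNCATED;

    *out = malloc(body_len + 1);
    if (*out == NULL)
        return PKT_NOMEM;
    memcpy(*out, in + 4, body_len);
    (*out)[body_len] = '\0';
    return (long)body_len;
}

/* Convenience wrapper for constructed inputs: parse, free, return the result. */
long parsed_len(const char *pkt, size_t n)
{
    char *body;
    long r = read_password_packet((const uint8_t *)pkt, n, &body);

    free(body);
    return r;
}
```

The oversized and undersized length fields are both rejected before any allocation, so an unauthenticated peer cannot choose the size of the request.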
	
	
	

SOLUTION

	Disable network access for untrusted users.
