From: Florian Weimer
Date: Tue Aug 20, 2002 01:43:23 PM US/Pacific
To: Sir Mordred The Traitor
Subject: Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL

Sir Mordred The Traitor writes:

> --[ Solution
>
> Do you still running postgresql? ...Can't believe that...
> If so, execute the following command as a root: "killall -9 postmaster",
> and wait until the patch will be available.

There's no need for such drastic action. Executing

    DROP FUNCTION "repeat" (text, integer);

as the PostgreSQL superuser (usually "postgres") is sufficient in this
case. Most installations won't ever need this procedure anyway.

By the way: This bug is very similar to the xdr_array/calloc/new[] bug
(see e.g. http://cert.uni-stuttgart.de/advisories/calloc.php).

--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
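
The bug class the message compares this to (an allocation size computed as a product that wraps before the buffer is filled) is shown below as an added example. It is not part of the original message and not PostgreSQL source; all function names are hypothetical, and the assumption is a repeat-style routine that sizes its buffer as length times count.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: stores len * count in *total and returns 0,
 * or returns -1 if len * count + 1 (room for the NUL) would wrap. */
int repeat_size(size_t len, size_t count, size_t *total)
{
    if (len != 0 && count > (SIZE_MAX - 1) / len)
        return -1;
    *total = len * count;
    return 0;
}

/* Repeat src count times into a new NUL-terminated buffer.
 * Returns NULL on negative count, size overflow or allocation failure. */
char *repeat_checked(const char *src, int count)
{
    size_t len = strlen(src), total, i;
    char *out;

    if (count < 0 || repeat_size(len, (size_t)count, &total) != 0)
        return NULL;
    if ((out = malloc(total + 1)) == NULL)
        return NULL;
    for (i = 0; i < (size_t)count; i++)
        memcpy(out + i * len, src, len);
    out[total] = '\0';
    return out;
}

/* The unchecked pattern with 32-bit sizes: the product is reduced
 * modulo 2^32, so the buffer is far smaller than the copy loop assumes. */
uint32_t wrapped_size_32(uint32_t len, uint32_t count)
{
    return len * count;
}

int main(void)
{
    char *s = repeat_checked("ab", 3);   /* constructed sample input */
    printf("%s\n", s ? s : "(rejected)");
    free(s);
    printf("unchecked 32-bit size for 4 * 0x40000001: %u\n",
           (unsigned)wrapped_size_32(4, 0x40000001u));
    return 0;
}
```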