PostgreSQL is a fully featured object-relational database management system. It supports a large part of the SQL standard and is designed to be extensible by users in many aspects. Graphical user interfaces and bindings for many programming languages are available as well.
Earlier this month, I discovered a denial of service vulnerability in versions of PostgreSQL that caused a crash if a function was called with invalid arguments in a SQL query. In theory, one could examine the contents of the server’s memory after the crash using this vulnerability. Currently, no threats in the wild are exploiting this vulnerability.
The following versions of PostgreSQL are vulnerable:
- 8.3.x before 8.3.23
- 8.4.x before 8.4.16
- 9.0.x before 9.0.12
- 9.1.x before 9.1.8
- 9.2.x before 9.2.3
The function in question is the enum_recv function, which is not properly declared in backend/utils/adt/enum.c. The current fix bars calling the function from SQL; the declaration of the function will be fixed in a future release by PostgreSQL. The function should accept inputs of the type “internal” not as “cstring”.
PostgreSQL has released updates to patch this vulnerability. We strongly urge administrators to update their servers to the appropriate version as soon as possible. The patched versions are:
- 8.3.23
- 8.4.16
- 9.0.12
- 9.1.8
- 9.2.3
In addition, the following Deep Security rule can be used to protect against this threat:
- 1005393 – PostgreSQL “enum_recv()” Denial Of Service Vulnerability
Leave a reply
