ID CVE-2002-1402
Summary Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 18-10-2016 - 02:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2003:001
refmap via4
bugtraq
  • 20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
  • 20020826 GLSA: PostgreSQL
conectiva CLA-2002:524
debian DSA-165
mandrake MDKSA-2002:062
mlist [pgsql-announce] 20020824 PostgreSQL 7.2.2: Security Release
secunia 8034
suse SuSE-SA:2002:038
Last major update 18-10-2016 - 02:26
Published 17-01-2003 - 05:00
Last modified 18-10-2016 - 02:26
Back to Top