Medium Nessus Plugin ID 18113
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:027 (postgresql).
Several problems were identified and fixed in the PostgreSQL database server.
Multiple buffer overflows in the low level parsing routines may allow attackers to execute arbitrary code via:
(1) a large number of variables in a SQL statement being handled by the read_sql_construct() function,
(2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function,
(3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and
(4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function.
This is tracked by the Mitre CVE ID CVE-2005-0247.