FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-0442

This CVE name corresponds to:

Entered	Topic
2010-03-25	postgresql -- bitsubstr overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2010-0442 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2010-0442
Phase	Assigned(20100127)

Description

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."

References

Source	Reference
MLIST	[oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow
MLIST	[pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning
MLIST	[pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values
MISC	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058
MISC	http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
CONFIRM	http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=75dea10196c31d98d98c0bafeeb576ae99c09b12
CONFIRM	http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=559194
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=559259
DEBIAN	DSA-2051
MANDRIVA	MDVSA-2010:103
REDHAT	RHSA-2010:0427
REDHAT	RHSA-2010:0428
REDHAT	RHSA-2010:0429
UBUNTU	USN-933-1
BID	37973
OVAL	oval:org.mitre.oval:def:9720
SECTRACK	1023510
SECUNIA	39566
SECUNIA	39820
SECUNIA	39939
VUPEN	ADV-2010-1022
VUPEN	ADV-2010-1207
VUPEN	ADV-2010-1197
VUPEN	ADV-2010-1221
XF	postgresql-substring-bo(55902)