CVE-2002-1402
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/01/2003
Last modified:
03/04/2025
Description
Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
- http://marc.info/?l=bugtraq&m=103021186622725&w=2
- http://marc.info/?l=bugtraq&m=103036987114437&w=2
- http://secunia.com/advisories/8034
- http://www.debian.org/security/2002/dsa-165
- http://www.mandriva.com/security/advisories?name=MDKSA-2002%3A062
- http://www.redhat.com/support/errata/RHSA-2003-001.html
- http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
- http://marc.info/?l=bugtraq&m=103021186622725&w=2
- http://marc.info/?l=bugtraq&m=103036987114437&w=2
- http://secunia.com/advisories/8034
- http://www.debian.org/security/2002/dsa-165
- http://www.mandriva.com/security/advisories?name=MDKSA-2002%3A062
- http://www.redhat.com/support/errata/RHSA-2003-001.html