Vulnerability Name: CVE-2003-0901 (CCN-13556)

Assigned: 2003-10-28
Published: 2003-10-28
Updated: 2008-09-05
Summary: Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code.

CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low

CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial

CVSS v2 Severity: 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial

Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2003-0901

Source: CONFIRM
Type: UNKNOWN
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c

Source: CONECTIVA
Type: UNKNOWN
CLA-2003:784

Source: CONECTIVA
Type: UNKNOWN
CLSA-2003:772

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:784
postgresql

Source: CCN
Type: RHSA-2003-313
Updated PostgreSQL packages fix buffer overflow

Source: CCN
Type: RHSA-2003-314
postgresql security update

Source: CCN
Type: CIAC Information Bulletin O-026
Red Hat Updated PostgreSQL Packages Fix Buffer Overflow

Source: DEBIAN
Type: UNKNOWN
DSA-397

Source: DEBIAN
Type: DSA-397
postgresql -- buffer overflow

Source: CCN
Type: Trustix Secure Linux Security Advisory #2003-0040
postgresql

Source: CCN
Type: OpenPKG-SA-2003.047
PostgreSQL

Source: CCN
Type: OpenPKG-SA-2003.048
PostgreSQL

Source: CCN
Type: PostgreSQL Web site
PostgreSQL

Source: REDHAT
Type: UNKNOWN
RHSA-2003:313

Source: REDHAT
Type: UNKNOWN
RHSA-2003:314

Source: BID
Type: Patch, Vendor Advisory
8741

Source: CCN
Type: BID-8741
PostgreSQL To_Ascii() Buffer Overflow Vulnerability

Source: CCN
Type: BID-9066
PostgreSQL 7.4 Release To Fix Several Security Vulnerabilities

Source: CCN
Type: TLSA-2003-62
Buffer overflow

Source: XF
Type: UNKNOWN
postgresql-ascii-bo(13556)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:trustix:secure_linux:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20030901 | V | CVE-2003-0901 | 2015-11-16 |
| oval:org.debian:def:397 | V | buffer overflow | 2003-11-07 |