PostgreSQL VACUUM命令数据丢失漏洞

漏洞信息详情

PostgreSQL VACUUM命令数据丢失漏洞

• CNNVD编号：CNNVD-200210-001
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1642
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-10-03
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  postgresql
• 漏洞来源：
  PostgreSQL

PostgreSQL 7.2.1和7.2.2版本存在漏洞。本地用户借助VACUUM命令删除log (pg_clog)数据和导致服务拒绝（数据丢失）。

Conectiva have released a security announcement (CLSA-2003:654) to address this issue. See referenced announcement for further information relating to applying fixes.
The vendor has reported that this issue has been addressed in the current version of the product.
PostgreSQL PostgreSQL 7.2

• PostgreSQL PostgreSQL Latest
  ftp://ftp.postgresql.org/pub/latest

PostgreSQL PostgreSQL 7.2.1

• PostgreSQL PostgreSQL Latest
  ftp://ftp.postgresql.org/pub/latest

PostgreSQL PostgreSQL 7.2.2

• Conectiva postgresql-7.2.2-90.i586.rpm
  ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/postgresql-7.2.2-90.i5
  86.rpm
• Conectiva postgresql-7.2.2-90.src.rpm
  ftp://ul.conectiva.com.br/updates/1.0/SRPMS.core/postgresql-7.2.2-90.s
  rc.rpm
• PostgreSQL PostgreSQL Latest
  ftp://ftp.postgresql.org/pub/latest

来源:US-CERT Vulnerability Note: VU#891177
名称: VU#891177
链接:http://www.kb.cert.org/vuls/id/891177

来源: BID
名称: 7657
链接:http://www.securityfocus.com/bid/7657

来源: MLIST
名称: [pgsql-announce] 20021003 v7.2.3 Released to fix Potentially Critical Bug
链接:http://archives.postgresql.org/pgsql-announce/2002-10/msg00000.php

来源: XF
名称: postgresql-vacuum-delete-pcclog(11102)
链接:http://xforce.iss.net/xforce/xfdb/11102

来源: REDHAT
名称: RHSA-2003:001
链接:http://www.redhat.com/support/errata/RHSA-2003-001.html