Repositories
https://github.com/babelfish-for-postgresql/babelfish_extensions
GitHub Project: Babelfish for PostgreSQL
Affected versions
ALL
Patched versions
The patch release will need to be applied to all the releases prior to Babelfish 2.2.0, which will ship with the fix.
Description
Impact
An authenticated user could create a stack based buffer overflow in some of the Babelfish system stored procedures with long parameter values. In addition to the ability to crash the PostgreSQL server with Babelfish Extension, a specially crafted parameter value could be used to execute arbitrary code as the PostgreSQL operating system account.
Patches
This issue is fixed by upgrading to Babelfish for PostgreSQL 2.2.0.
Workarounds
There is no recommended work around.
For more information
If you have any questions or comments about this advisory we ask that contact AWS/Amazon Security via our vulnerability reporting page (http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [email protected]. Please do not create a public GitHub issue.
Repositories
https://github.com/babelfish-for-postgresql/babelfish_extensions
GitHub Project: Babelfish for PostgreSQL
Affected versions
ALL
Patched versions
The patch release will need to be applied to all the releases prior to Babelfish 2.2.0, which will ship with the fix.
Description
Impact
An authenticated user could create a stack based buffer overflow in some of the Babelfish system stored procedures with long parameter values. In addition to the ability to crash the PostgreSQL server with Babelfish Extension, a specially crafted parameter value could be used to execute arbitrary code as the PostgreSQL operating system account.
Patches
This issue is fixed by upgrading to Babelfish for PostgreSQL 2.2.0.
Workarounds
There is no recommended work around.
For more information
If you have any questions or comments about this advisory we ask that contact AWS/Amazon Security via our vulnerability reporting page (http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [email protected]. Please do not create a public GitHub issue.