Akio Ishida

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 8.1.4 PostgreSQL versions prior to 8.0.8 PostgreSQL versions prior to 7.4.13 PostgreSQL versions prior to 7.3.15 **Description** The issue allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters. An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible SQL injection. **Recommendations** For versions prior to 8.1.4, update to version 8.1.4 or later. For versions prior to 8.0.8, update to version 8.0.8 or later. For versions prior to 7.4.13, update to version 7.4.13 or later. For versions prior to 7.3.15, update to version 7.3.15 or later.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 8.1.x through 8.1.3 PostgreSQL versions 8.0.x through 8.0.7 PostgreSQL versions 7.4.x through 7.4.12 PostgreSQL versions 7.3.x through 7.3.14 PostgreSQL versions prior to 7.3.15 **Description** The issue allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings, such as SJIS, BIG5, GBK, GB18030, and UHC. This is due to the inability of clients that do not understand multibyte encodings to handle the "" (backslash) byte 0x5c correctly when it is the trailing byte of a multibyte character. The practice of escaping ASCII single quote "'" by turning it into "'" is unsafe when operating in these multibyte encodings. **Recommendations** For PostgreSQL versions 8.1.x through 8.1.3, update to version 8.1.4 or later. For PostgreSQL versions 8.0.x through 8.0.7, update to version 8.0.8 or later. For PostgreSQL versions 7.4.x through 7.4.12, update to version 7.4.13 or later. For PostgreSQL versions 7.3.x through 7.3.14, update to version 7.3.15 or later. For PostgreSQL versions prior to 7.3.15, update to version 7.3.15 or later.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 8.1.0 through 8.1.2 **Description** The issue allows authenticated database users to gain additional privileges via knowledge of the backend protocol by using a crafted SET ROLE to other database users. This is achieved through a bug in the handling of SET ROLE, which enables escalation of privileges to any other database user, including superuser. A valid login is required to exploit this issue. **Recommendations** For PostgreSQL versions 8.1.0 through 8.1.2, consider restricting the use of the SET ROLE command until a patch is available to prevent privilege escalation. As a temporary workaround, limit the privileges of authenticated database users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 7.3.x through 7.3.13 PostgreSQL versions 7.4.x through 7.4.11 PostgreSQL versions 8.0.x through 8.0.6 PostgreSQL versions 8.1.x through 8.1.2 **Description** The issue allows local users to cause a denial of service, resulting in a server crash, via a crafted SET SESSION AUTHORIZATION command when PostgreSQL is compiled with Asserts enabled. A valid login is required to exploit this issue. This can cause the postmaster to restart all backends. **Recommendations** For PostgreSQL versions 7.3.x through 7.3.13, update to version 7.3.14 or later. For PostgreSQL versions 7.4.x through 7.4.11, update to version 7.4.12 or later. For PostgreSQL versions 8.0.x through 8.0.6, update to version 8.0.7 or later. For PostgreSQL versions 8.1.x through 8.1.2, update to version 8.1.3 or later.