12th Mar 2003 [SBWID-6055]
COMMAND
	PostgreSQL Remote DoS condition
SYSTEMS AFFECTED
	versions 7.2.2 and previous
PROBLEM
	In Mordred Labs advisory 0x0007:
	PostgreSQL is an advanced object-relational database  management  system
	that  supports  an  extended  subset  of  the  SQL  standard,  including
	transactions, foreign keys,  subqueries,  triggers,  user-defined  types
	and functions. Check http://www.postgresql.org for more information.
	Upon connecting to a database,  postmaster  will  fork  a  new  process.
	After that, a child process will call a
	src/backend/postmaster/postmaster.c:DoBackend() routine,
	which     after     processing      a      startup      packet      (see
	src/include/libpq/pqcomm.h),
	will invoke a src/backend/libpq/auth.c:ClientAuthentication() routine to
	perform client authentication. If  there  is  an  entry  in  pg_hba.conf
	file, that matches an attacker's host, an attacker could trigger
	invocation of src/backend/libpq/auth.c:recv_and_check_password0(), which
	fails to detect a DoS condition.
	 Details
	 =======
	Consider this snip of code from src/backend/libpq/auth.c:
	
	[snip]
	static int recv_and_check_password0(Port *port) {
		int32 len;
		char *buf;
		if (pq_getint(&len, 4) == EOF)
			return STATUS_EOF;
		len -= 4;
		buf = palloc(len); /* len is taken from a packet */
	[snip]
	
	Note, that the size of palloced memory is taken from the user's input.
SOLUTION
	Disable network access for untrusted users.