Computer Security


PostgreSQL privilege escalation
Published: 24.04.2007
Source:
SecurityVulns ID: 7631
Type: local
Threat Level: 6/10
Description: By using temporary objects, an unprivileged user can execute a function with the permissions of the security definer.
Affected: POSTGRES: PostgreSQL 8.1
CVE: CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings.")
Original document: RPATH, rPSA-2007-0081-1 postgresql postgresql-server (24.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod