An extension script is vulnerable if it uses `@extowner@`, `@extschema@`, or `@extschema:...@` inside a quoting construct (dollar quoting, `''`, or `""`). No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is an administrator having installed files of a vulnerable, trusted, non-bundled extension. Subject to that prerequisite, this enables an attacker having database-level `CREATE` privilege to execute arbitrary code as the bootstrap superuser. PostgreSQL will block this attack in the core server, so there’s no need to modify individual extensions.
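
To audit installed extension scripts for the pattern described above, the following added example (not PostgreSQL's code and not the server-side fix) reports every substitution token that sits inside dollar quoting, `''`, or `""`. The function name, the regexes and the sample script are constructed for illustration, and the lexer is simplified: it does not handle nested block comments or backslash escapes in `E''` strings.

```python
import re

# Substitution tokens named in the advisory: @extowner@, @extschema@, @extschema:name@
PLACEHOLDER = re.compile(r"@extowner@|@extschema(?::[^@\s]+)?@")

# Lexical regions of a script. Comments are consumed so quotes inside them are ignored.
KINDS = ("comment", "single", "double", "dollar")
REGION = re.compile(
    "|".join([
        r"(?P<comment>--[^\n]*|/\*.*?\*/)",
        r"(?P<single>'(?:[^']|'')*')",
        r'(?P<double>"(?:[^"]|"")*")',
        # The tag group may match the empty string, so $$...$$ and $tag$...$tag$ both work.
        r"(?P<dollar>\$(?P<tag>(?:[A-Za-z_]\w*)?)\$.*?\$(?P=tag)\$)",
    ]),
    re.S,
)

def quoted_placeholders(sql):
    """Return (line, placeholder, quote_kind) for each token inside a quoting construct."""
    findings = []
    for region in REGION.finditer(sql):
        kind = next(k for k in KINDS if region.group(k) is not None)
        if kind == "comment":
            continue
        for hit in PLACEHOLDER.finditer(region.group(0)):
            pos = region.start() + hit.start()
            line = sql.count("\n", 0, pos) + 1
            findings.append((line, hit.group(0), kind))
    return findings

# Constructed sample script (hypothetical, not taken from any real extension).
SAMPLE = """-- constructed script, not from a real extension
CREATE FUNCTION @extschema@.f() RETURNS int LANGUAGE sql AS 'SELECT 1';
CREATE FUNCTION g() RETURNS int LANGUAGE sql AS $fn$ SELECT @extschema@.f() $fn$;
COMMENT ON FUNCTION g() IS 'owned by @extowner@';
SELECT "@extschema:other@".h();
"""

if __name__ == "__main__":
    for line, token, kind in quoted_placeholders(SAMPLE):
        print(f"line {line}: {token} inside {kind} quoting")
```

The unquoted `@extschema@` on line 2 of the sample is not reported, because only uses inside a quoting construct match the vulnerable pattern.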
| CPE | Name | Operator | Version |
|---|---|---|---|
| | brocade sannav | lt | 2.3.0a |