postgresql -- privilege escalation vulnerability

ID 5D425189-7A03-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-01-21T00:00:00


John Heasman and others disovered that non-privileged users could use the LOAD extension to load arbitrary libraries into the postgres server process space. This could be used by non-privileged local users to execute arbitrary code with the privileges of the postgresql server.