Vulnerability in core server (CVE-2007-6600)

2008-01-09T21:46:00
ID POSTGRESQL:CVE-2007-6600
Type postgresql
Reporter PostgreSQL Global Development Group
Modified 2008-01-09T21:46:00

Description

Two vulnerabilities in how ANALYZE executes user defined functions that are part of expression indexes allows users to gain superuser privileges. A valid login that has permissions to create functions and tables is required to exploit this vulnearbility.