Lucene search
+L

149 matches found

redhat
redhat
added 2007/05/08 3:36 p.m.5 views

PostgreSQL security-definer function privilege escalation

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to...

6CVSS7.2AI score0.03184EPSS
Exploits0References4
nessus
nessus
added 2007/04/30 12:0 a.m.22 views

Mandrake Linux Security Advisory : postgresql (MDKSA-2007:094)

A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function. IMPORTANT NOTICE FOR CORPORATE...

6CVSS7.3AI score0.03184EPSS
Exploits0References1
ubuntu
ubuntu
added 2007/04/27 10:26 p.m.54 views

USN-454-1: PostgreSQL vulnerability

PostgreSQL did not handle the "searchpath" configuration option in a secure way for functions declared as "SECURITY DEFINER". Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who...

6CVSS7.8AI score0.03184EPSS
Exploits0
seebug
seebug
added 2007/04/25 12:0 a.m.42 views

PostgreSQL SECURITY DEFINER函数本地权限提升漏洞

PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL的SECURITY DEFINER函数实现上存在安全漏洞,允许本地通过修改searchpath并使用临时对象获得权限提升。 PostgreSQL PostgreSQL 8.2.4 PostgreSQL PostgreSQL 8.1.9 PostgreSQL PostgreSQL 8.0.13 PostgreSQL PostgreSQL 7.4.17 PostgreSQL PostgreSQL 7.3.19 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

7.1AI score
Exploits0
prion
prion
added 2007/04/24 8:19 p.m.22 views

Design/Logic Flaw

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to...

6CVSS6.3AI score0.03184EPSS
Exploits0References31Affected Software3
cvelist
cvelist
added 2007/04/24 8:0 p.m.30 views

CVE-2007-2138

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to...

8.5AI score0.03184EPSS
Exploits0References31
postgresql
postgresql
added 2007/04/24 8:0 p.m.76 views

Vulnerability in core server (CVE-2007-2138)

A vulnerability involving insecure searchpath settings allows unprivileged users to gain the SQL privileges of the owner of any SECURITY DEFINER function they are allowed to call. Securing such a function requires both a software update and changes to the function definition...

6CVSS8.8AI score0.03184EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2007/04/24 12:0 a.m.58 views

rPSA-2007-0081-1 postgresql postgresql-server

rPath Security Advisory: 2007-0081-1 Published: 2007-04-24 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Deterministic Privilege Escalation Updated Versions: postgresql=/conary.rpath.com@rpl:devel//1/8.1.9-0.1-1...

6CVSS8.8AI score0.03184EPSS
Exploits0
securityvulns
securityvulns
added 2007/04/24 12:0 a.m.46 views

PostgreSQL privilege escalation

By using temporary objects, unprivileged user can execute function with permissions of security-definer...

6CVSS3.6AI score0.03184EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder