postgresql contributed script vulnerability

2004-10-27T00:00:00
ID USN-6-1
Type ubuntu
Reporter Ubuntu
Modified 2004-10-27T00:00:00

Description

Recently, Trustix Secure Linux discovered a vulnerability in the postgresql-contrib package. The script “make_oidjoins_check” created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the script.