postgresql contributed script vulnerability

ID USN-6-1
Type ubuntu
Reporter Ubuntu
Modified 2004-10-27T00:00:00


Recently, Trustix Secure Linux discovered a vulnerability in the postgresql-contrib package. The script “make_oidjoins_check” created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the script.