postgresql contributed script vulnerability

ID USN-6-1
Type ubuntu
Reporter Ubuntu
Modified 2004-10-27T00:00:00


Recently, Trustix Secure Linux discovered a vulnerability in the
postgresql-contrib package. The script "make_oidjoins_check" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the script.