Описание
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-2138
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33842
- https://issues.rpath.com/browse/RPL-1292
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10090
- http://rhn.redhat.com/errata/RHSA-2007-0336.html
- http://secunia.com/advisories/24989
- http://secunia.com/advisories/24999
- http://secunia.com/advisories/25005
- http://secunia.com/advisories/25019
- http://secunia.com/advisories/25037
- http://secunia.com/advisories/25058
- http://secunia.com/advisories/25184
- http://secunia.com/advisories/25238
- http://secunia.com/advisories/25334
- http://secunia.com/advisories/25717
- http://secunia.com/advisories/25720
- http://secunia.com/advisories/25725
- http://security.gentoo.org/glsa/glsa-200705-12.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm
- http://www.debian.org/security/2007/dsa-1309
- http://www.debian.org/security/2007/dsa-1311
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:094
- http://www.postgresql.org/about/news.791
- http://www.postgresql.org/support/security.html
- http://www.redhat.com/support/errata/RHSA-2007-0337.html
- http://www.securityfocus.com/bid/23618
- http://www.securitytracker.com/id?1017974
- http://www.trustix.org/errata/2007/0015
- http://www.ubuntu.com/usn/usn-454-1
- http://www.vupen.com/english/advisories/2007/1497
- http://www.vupen.com/english/advisories/2007/1549
EPSS
CVE ID
Связанные уязвимости
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...
ELSA-2007-0336: Moderate: postgresql security update (MODERATE)
EPSS