Описание
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 7 | postgresql | Not affected | ||
| CloudForms Management Engine 5.x | cfme | Fixed | RHSA-2014:0469 | 12.05.2014 |
| CloudForms Management Engine 5.x | postgresql92-postgresql | Fixed | RHSA-2014:0469 | 12.05.2014 |
| CloudForms Management Engine 5.x | prince | Fixed | RHSA-2014:0469 | 12.05.2014 |
| CloudForms Management Engine 5.x | ruby193-rubygem-actionpack | Fixed | RHSA-2014:0469 | 12.05.2014 |
| Red Hat Enterprise Linux 5 | postgresql84 | Fixed | RHSA-2014:0211 | 25.02.2014 |
| Red Hat Enterprise Linux 5 | postgresql | Fixed | RHSA-2014:0249 | 04.03.2014 |
| Red Hat Enterprise Linux 6 | postgresql | Fixed | RHSA-2014:0211 | 25.02.2014 |
| Red Hat Software Collections for RHEL-6 | postgresql92-postgresql | Fixed | RHSA-2014:0221 | 27.02.2014 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS2
Связанные уязвимости
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
The validator functions for the procedural languages (PLs) in PostgreS ...
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
Уязвимость системы управления базами данных PostgreSQL, позволяющая удаленным пользователям, прошедшим аутентификацию, повысить уровень своих привилегий
6.5 Medium
CVSS2