First published: Mon Apr 23 2007
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/postgresql | <0:8.1.9-1.el5 | 0:8.1.9-1.el5 |
redhat/postgresql | <0:8.1.9-1.el4 | 0:8.1.9-1.el4 |
PostgreSQL PostgreSQL | <7.3.19 | |
PostgreSQL PostgreSQL | >=7.4 <7.4.17 | |
PostgreSQL PostgreSQL | >=8.0 <8.0.13 | |
PostgreSQL PostgreSQL | >=8.1 <8.1.9 | |
PostgreSQL PostgreSQL | >=8.2 <8.2.4 | |
Debian Debian Linux | =3.1 | |
Debian Debian Linux | =4.0 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =6.10 | |
Canonical Ubuntu Linux | =7.04 | |