CVE-2012-0866
First published: Wed Jul 18 2012(Updated: )
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL PostgreSQL | =8.3 | |
| PostgreSQL PostgreSQL | =8.3.1 | |
| PostgreSQL PostgreSQL | =8.3.2 | |
| PostgreSQL PostgreSQL | =8.3.3 | |
| PostgreSQL PostgreSQL | =8.3.4 | |
| PostgreSQL PostgreSQL | =8.3.5 | |
| PostgreSQL PostgreSQL | =8.3.6 | |
| PostgreSQL PostgreSQL | =8.3.7 | |
| PostgreSQL PostgreSQL | =8.3.8 | |
| PostgreSQL PostgreSQL | =8.3.9 | |
| PostgreSQL PostgreSQL | =8.3.10 | |
| PostgreSQL PostgreSQL | =8.3.11 | |
| PostgreSQL PostgreSQL | =8.3.12 | |
| PostgreSQL PostgreSQL | =8.3.13 | |
| PostgreSQL PostgreSQL | =8.3.14 | |
| PostgreSQL PostgreSQL | =8.3.15 | |
| PostgreSQL PostgreSQL | =8.3.16 | |
| PostgreSQL PostgreSQL | =8.3.17 | |
| PostgreSQL PostgreSQL | =8.4 | |
| PostgreSQL PostgreSQL | =8.4.1 | |
| PostgreSQL PostgreSQL | =8.4.2 | |
| PostgreSQL PostgreSQL | =8.4.3 | |
| PostgreSQL PostgreSQL | =8.4.4 | |
| PostgreSQL PostgreSQL | =8.4.5 | |
| PostgreSQL PostgreSQL | =8.4.6 | |
| PostgreSQL PostgreSQL | =8.4.7 | |
| PostgreSQL PostgreSQL | =8.4.8 | |
| PostgreSQL PostgreSQL | =8.4.9 | |
| PostgreSQL PostgreSQL | =8.4.10 | |
| PostgreSQL PostgreSQL | =9.0 | |
| PostgreSQL PostgreSQL | =9.0.1 | |
| PostgreSQL PostgreSQL | =9.0.2 | |
| PostgreSQL PostgreSQL | =9.0.3 | |
| PostgreSQL PostgreSQL | =9.0.4 | |
| PostgreSQL PostgreSQL | =9.0.5 | |
| PostgreSQL PostgreSQL | =9.0.6 | |
| PostgreSQL PostgreSQL | =9.1 | |
| PostgreSQL PostgreSQL | =9.1.1 | |
| PostgreSQL PostgreSQL | =9.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
- http://rhn.redhat.com/errata/RHSA-2012-0677.html
- http://rhn.redhat.com/errata/RHSA-2012-0678.html
- http://secunia.com/advisories/49272
- http://secunia.com/advisories/49273
- http://www.debian.org/security/2012/dsa-2418
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
- http://www.postgresql.org/about/news/1377/
- http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
- http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
- http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
- http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/8.3
- version/postgresql postgresql/8.3.1
- version/postgresql postgresql/8.3.2
- version/postgresql postgresql/8.3.3
- version/postgresql postgresql/8.3.4
- version/postgresql postgresql/8.3.5
- version/postgresql postgresql/8.3.6
- version/postgresql postgresql/8.3.7
- version/postgresql postgresql/8.3.8
- version/postgresql postgresql/8.3.9
- version/postgresql postgresql/8.3.10
- version/postgresql postgresql/8.3.11
- version/postgresql postgresql/8.3.12
- version/postgresql postgresql/8.3.13
- version/postgresql postgresql/8.3.14
- version/postgresql postgresql/8.3.15
- version/postgresql postgresql/8.3.16
- version/postgresql postgresql/8.3.17
- version/postgresql postgresql/8.4
- version/postgresql postgresql/8.4.1
- version/postgresql postgresql/8.4.2
- version/postgresql postgresql/8.4.3
- version/postgresql postgresql/8.4.4
- version/postgresql postgresql/8.4.5
- version/postgresql postgresql/8.4.6
- version/postgresql postgresql/8.4.7
- version/postgresql postgresql/8.4.8
- version/postgresql postgresql/8.4.9
- version/postgresql postgresql/8.4.10
- version/postgresql postgresql/9.0
- version/postgresql postgresql/9.0.1
- version/postgresql postgresql/9.0.2
- version/postgresql postgresql/9.0.3
- version/postgresql postgresql/9.0.4
- version/postgresql postgresql/9.0.5
- version/postgresql postgresql/9.0.6
- version/postgresql postgresql/9.1
- version/postgresql postgresql/9.1.1
- version/postgresql postgresql/9.1.2