CVE-2007-2138 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-2138
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2138

Description: Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/33842 UBUNTU http://www.ubuntu.com/usn/usn-454-1 TRUSTIX http://www.trustix.org/errata/2007/0015/ SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1 ST 1017974 SAID Secunia Advisory: SA25037 Secunia Advisory: SA25019 Secunia Advisory: SA25005 Secunia Advisory: SA24989 Secunia Advisory: SA24999 Secunia Advisory: SA25058 Secunia Advisory: SA25184 Secunia Advisory: SA25238 Secunia Advisory: SA25334 Secunia Advisory: SA25717 Secunia Advisory: SA25725 Secunia Advisory: SA25720 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0337.html http://rhn.redhat.com/errata/RHSA-2007-0336.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:094 GENTOO http://security.gentoo.org/glsa/glsa-200705-12.xml DEBIAN http://www.debian.org/security/2007/dsa-1309 http://www.debian.org/security/2007/dsa-1311 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm http://www.postgresql.org/support/security.html http://www.postgresql.org/about/news.791 BID 23618

Return to the previous page.