CVE-2007-2138 - компьютерная безопасность: уязвимости и эксплоиты

[RU] switch to
English Version

CVE CVE-2007-2138
Статус Candidate
Описание Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Важность Low
CVSS score 3,4
CVSS vector (AV:R/AC:H/Au:R/C:P/I:P/A:P/B:N)
Phase Assigned (18.04.2007)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2138
References BID : 23618
CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
CONFIRM : http://www.postgresql.org/about/news.791
CONFIRM : http://www.postgresql.org/support/security.html
CONFIRM : https://issues.rpath.com/browse/RPL-1292
DEBIAN : DSA-1309
DEBIAN : DSA-1311
FRSIRT : ADV-2007-1497
FRSIRT : ADV-2007-1549
GENTOO : GLSA-200705-12
MANDRIVA : MDKSA-2007:094
REDHAT : RHSA-2007:0336
REDHAT : RHSA-2007:0337
SECTRACK : 1017974
SECUNIA : 24989
SECUNIA : 24999
SECUNIA : 25005
SECUNIA : 25019
SECUNIA : 25037
SECUNIA : 25058
SECUNIA : 25184
SECUNIA : 25238
SECUNIA : 25334
SECUNIA : 25717
SECUNIA : 25720
SECUNIA : 25725
SUNALERT : 102894
TRUSTIX : 2007-0015
UBUNTU : USN-454-1
XF : postgresql-searchpath-privilege-escalation(33842)
SecurityVulns: Повышение привилегий через PostgreSQL (privilege escalation)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

test server