New Search

Untrusted search path vulnerability in PostgreSQL before 7.3.19 7.4.x before 7.4.17 8.0.x before 8.0.13 8.1.x before 8.1.9 and 8.2.x before 8.2.4 allows remote authenticated users when permitted to call a SECURITY DEFINER function to gain the privileges of the function owner related to "search_path settings."

oval:org.mitre.oval:def:10090

Untrusted search path vulnerability in PostgreSQL before 7.3.19 7.4.x before 7.4.17 8.0.x before 8.0.13 8.1.x before 8.1.9 and 8.2.x before 8.2.4 allows remote authenticated users when permitted to call a SECURITY DEFINER function to gain the privileges of the function owner related to "search_path settings."

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Red Hat Enterprise Linux 3
  • Oracle Linux 5
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • CentOS Linux 3
  • Oracle Linux 4
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-2138
Product(s):