CVE-2007-2138 Information

Description

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

Reference

http://rhn.redhat.com/errata/RHSA-2007-0336.html
http://secunia.com/advisories/24989
http://secunia.com/advisories/24999
http://secunia.com/advisories/25005
http://secunia.com/advisories/25019
http://secunia.com/advisories/25037
http://secunia.com/advisories/25058
http://secunia.com/advisories/25184
http://secunia.com/advisories/25238
http://secunia.com/advisories/25334
http://secunia.com/advisories/25717
http://secunia.com/advisories/25720
http://secunia.com/advisories/25725
http://security.gentoo.org/glsa/glsa-200705-12.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102894-1
http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm
http://www.debian.org/security/2007/dsa-1309
http://www.debian.org/security/2007/dsa-1311
http://www.mandriva.com/security/advisories?name=MDKSA-2007:094
http://www.postgresql.org/about/news.791
http://www.postgresql.org/support/security.html
http://www.redhat.com/support/errata/RHSA-2007-0337.html
http://www.securityfocus.com/bid/23618
http://www.securitytracker.com/id?1017974
http://www.trustix.org/errata/2007/0015/
http://www.ubuntu.com/usn/usn-454-1
http://www.vupen.com/english/advisories/2007/1497
http://www.vupen.com/english/advisories/2007/1549
https://exchange.xforce.ibmcloud.com/vulnerabilities/33842
https://issues.rpath.com/browse/RPL-1292
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10090
