
CVE-2007-2138
Date: (C) 2007-04-24   (M) 2023-12-22


Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017974
SUNALERT-102894
2007-0015
BID-23618
SECUNIA-24989
SECUNIA-24999
SECUNIA-25005
SECUNIA-25019
SECUNIA-25037
SECUNIA-25058
SECUNIA-25184
SECUNIA-25238
SECUNIA-25334
SECUNIA-25717
SECUNIA-25720
SECUNIA-25725
ADV-2007-1497
ADV-2007-1549
DSA-1309
DSA-1311
GLSA-200705-12
MDKSA-2007:094
RHSA-2007:0336
RHSA-2007:0337
USN-454-1
http://support.avaya.com/elmodocs2/security/ASA-2007-190.htm
http://www.postgresql.org/about/news.791
http://www.postgresql.org/support/security.html
https://issues.rpath.com/browse/RPL-1292
oval:org.mitre.oval:def:10090
postgresql-searchpath-privilege-escalation(33842)

CPE    6
cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~
cpe:/o:canonical:ubuntu_linux:7.04
cpe:/a:postgresql:postgresql
cpe:/o:debian:debian_linux:3.1
...
CWE    1
CWE-264
OVAL    1
oval:org.secpod.oval:def:1802026

© SecPod Technologies