DSA-2051 postgresql-8.3 -- several vulnerabilitiesID: oval:org.mitre.oval:def:11655 | Date: (C)2010-07-31 (M)2023-03-01 |
Class: PATCH | Family: unix |
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. It was discovered that an unprivileged user could reset superuser-only parameter settings.