Debian Security Advisory 1311-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statement called "security definers", which could lead to SQL privilege escalation.
f08303e0be1766a41d362b7f6b57ab00c0283603b5318df656b3e21da5e27cd5Debian Security Advisory 1309-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so called "security definers", which could lead to SQL privilege escalation.
50aa9626cfa4730da2fe0ed5a11678a3a2a16dad9a652c32e07e8f4b9cd94973Gentoo Linux Security Advisory GLSA 200705-12 - An error involving insecure search_path settings in the SECURITY DEFINER functions has been reported in PostgreSQL. Versions less than 8.0.13 are affected.
34d2224268a137d54c76ded99e6d07e4106235b06f0ffb7104ba62c314f4fab4Ubuntu Security Notice 454-1 - PostgreSQL did not handle the "search_path" configuration option in a secure way for functions declared as "SECURITY DEFINER". Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who created the security definer function. The updated version does not search the temporary table schema for functions and operators any more.
f18051df98728bdb9d0d5c4ddf38e3dfda0b0ac07fb02ae43883acbbb9a61897Mandriva Linux Security Advisory - A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function.
8cc1ac4a80b355d4c1721d43dc91f57910fd2fe18e2257ae704b722847c3b61b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed