CVE-2007-2138
MEDIUM severity · CVSS 6 · CWE-264
Summary
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Impact & exploitability
Attack vector: Network
Attack complexity: —
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 2%
AV:N/AC:M/Au:S/C:P/I:P/A:P
Affected products we track (3)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://rhn.redhat.com/errata/RHSA-2007-0336.html (Advisory)
- http://secunia.com/advisories/24989 (Advisory)
- http://secunia.com/advisories/24999 (Advisory)
- http://secunia.com/advisories/25005 (Advisory)
- http://secunia.com/advisories/25019 (Advisory)
- http://secunia.com/advisories/25037 (Advisory)
- http://secunia.com/advisories/25058 (Advisory)
- http://secunia.com/advisories/25184 (Advisory)