CVE-2007-2138
MEDIUM severity · CVSS 6 · CWE-264
6CVSS MEDIUM
Summary
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)3%
AV:N/AC:M/Au:S/C:P/I:P/A:P
Affected products we track (2)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://rhn.redhat.com/errata/RHSA-2007-0336.htmlAdvisory
- http://secunia.com/advisories/24989Advisory
- http://secunia.com/advisories/24999Advisory
- http://secunia.com/advisories/25005Advisory
- http://secunia.com/advisories/25019Advisory
- http://secunia.com/advisories/25037Advisory
- http://secunia.com/advisories/25058Advisory
- http://secunia.com/advisories/25184Advisory