The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102894 Security Vulnerability in PostgreSQL SECURITY DEFINER Functions May Allow Escalation of Privileges

Guest Author
Product: Solaris 10 Operating System

SECURITY DEFINER functions are special PostgreSQL functions which perform certain designated activities with special privileges. A security vulnerability in the PostgreSQL database server (see postgres(1)) may allow a local or remote PostgreSQL user who has authenticated with the PostgreSQL server to inject crafted objects (for example, functions, tables, or operators) and affect the execution of existing SECURITY DEFINER functions. This would allow that user to control the database and execute code with the elevated privileges of the owner of the SECURITY DEFINER function, or to shadow any table with their own modified version and inject it for processing by a SECURITY DEFINER function.

This issue is described in the following documents:

CVE-2007-2138 at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138

PostgreSQL Security Information at http://www.postgresql.org/about/news.791

Avoidance: Patch
State: Resolved
First released: 26-Apr-2007

Join the discussion

Comments ( 1 )
  • free pictures Tuesday, May 29, 2007
    all very busy but it would be nice to see
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.