CVE-2007-2138

Impact: Moderate
Public Date: 2007-04-23
Bugzilla: 237682: CVE-2007-2138 PostgreSQL security-definer function privilege escalation

The MITRE CVE dictionary describes this issue as:

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

Find out more about CVE-2007-2138 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 3 (rh-postgresql) | RHSA-2007:0336 | 2007-05-08
Red Hat Enterprise Linux 4 (postgresql) | RHSA-2007:0336 | 2007-05-08
Red Hat Enterprise Linux 5 (postgresql) | RHSA-2007:0336 | 2007-05-08
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (postgresql) | RHSA-2007:0337 | 2007-05-03

CVE description copyright © 2017, The MITRE Corporation