4.3 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
10.1%
John Heasman and others disovered that non-privileged users
could use the LOAD extension to load arbitrary
libraries into the postgres server process space. This
could be used by non-privileged local users to execute
arbitrary code with the privileges of the postgresql
server.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | postgresql | < 7.3.9 | UNKNOWN |
FreeBSD | any | noarch | postgresql-server | < 7.3.9 | UNKNOWN |
FreeBSD | any | noarch | ja-postgresql | < 7.3.9 | UNKNOWN |
FreeBSD | any | noarch | postgresql-devel | <= 8.0.1,1 | UNKNOWN |