PostgreSQL Global Development GroupPOSTGRESQL:CVE-2007-2138

HistoryApr 24, 2007 - 8:19 p.m.

Vulners
/
Postgresql
/
Vulnerability in core server (CVE-2007-2138)

Vulnerability in core server (CVE-2007-2138)

2007-04-2420:19:00

PostgreSQL Global Development Group

www.postgresql.org

0.004 Low

EPSS

Percentile

73.3%

JSON

A vulnerability involving insecure search_path settings allows unprivileged users to gain the SQL privileges of the owner of any SECURITY DEFINER function they are allowed to call. Securing such a function requires both a software update and changes to the function definition.

CPENameOperatorVersion
postgresqllt7.3.19
postgresqllt8.1.9
postgresqllt8.0.13
postgresqllt8.2.4
postgresqllt7.4.17

Name	Operator	Version
postgresql	lt	7.3.19
postgresql	lt	8.1.9
postgresql	lt	8.0.13
postgresql	lt	8.2.4
postgresql	lt	7.4.17

References

/support/security/CVE-2007-2138/

fedora 4

securityvulns 2

nessus 20

gentoo 1

centos 1

openvas 22

debian 3

cve 1

redhat 2

prion 1

ubuntu 1

nvd 1

ubuntucve 1

veracode 1

cvelist 1

archlinux 2

freebsd 1

oraclelinux 1

fedora

[SECURITY] Fedora 7 Update: postgresql-8.2.4-1.fc7

2007-06-06 03:02:26

[SECURITY] Fedora Core 6 Update: postgresql-8.1.9-1.fc6

2007-06-06 17:22:21

[SECURITY] Fedora Core 5 Update: postgresql-8.1.9-1.fc5

2007-06-06 17:24:23

securityvulns

PostgreSQL privilege escalation

2007-04-24 00:00:00

rPSA-2007-0081-1 postgresql postgresql-server

2007-04-24 00:00:00

nessus

Fedora Core 6 : postgresql-8.1.9-1.fc6 (2007-565)

2007-06-07 00:00:00

RHEL 3 / 4 / 5 : postgresql (RHSA-2007:0336)

2007-05-10 00:00:00

GLSA-200705-12 : PostgreSQL: Privilege escalation

2007-05-11 00:00:00

gentoo

PostgreSQL: Privilege escalation

2007-05-10 00:00:00

centos

postgresql, rh security update

2007-05-08 16:27:32

openvas

Mandriva Update for postgresql MDKSA-2007:094 (postgresql)

2009-04-09 00:00:00

Ubuntu Update for postgresql-8.1, postgresql-8.2 vulnerability USN-454-1

2009-03-23 00:00:00

PostgreSQL < 7.3.19, 7.4.x < 7.4.17, 8.0.x < 8.0.13, 8.1.x < 8.1.9, and 8.2.x < 8.2.4 Untrusted Search Path Vulnerability - Windows

2018-10-23 00:00:00

debian

[SECURITY] [DSA 1309-1] New PostgreSQL 8.1 packages fix privilege escalation

2007-06-16 21:34:45

[SECURITY] [DSA 1311-1] New PostgreSQL 7.4 packages fix privilege escalation

2007-06-17 23:23:17

[SECURITY] [DLA-1874-1] postgresql-9.4 security update

2019-08-09 08:33:57

cve

CVE-2007-2138

2007-04-24 20:19:00

redhat

(RHSA-2007:0336) Moderate: postgresql security update

2007-05-08 00:00:00

(RHSA-2007:0337) Moderate: postgresql security update

2007-05-03 00:00:00

prion

Design/Logic Flaw

2007-04-24 20:19:00

ubuntu

PostgreSQL vulnerability

2007-04-27 00:00:00

nvd

CVE-2007-2138

2007-04-24 20:19:00

ubuntucve

CVE-2007-2138

2007-04-24 00:00:00

veracode

Untrusted Search Path

2020-04-10 00:13:56

cvelist

CVE-2007-2138

2007-04-24 20:00:00

archlinux

[ASA-201908-8] postgresql: multiple issues

2019-08-10 00:00:00

[ASA-201908-7] postgresql-libs: multiple issues

2019-08-10 00:00:00

freebsd

PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution

2019-08-08 00:00:00

oraclelinux

Moderate: postgresql security update

2007-05-08 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

Vulnerability in core server (CVE-2007-2138)

References

Related