|Category:||Trustix Local Security Checks|
|Title:||Trustix Security Advisory TSLSA-2007-0015 (postgresql)|
|Summary:||Trustix Security Advisory TSLSA-2007-0015 (postgresql)|
The remote host is missing updates announced in
postgresql < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY Fix: A vulnerability has been identified, which could
be exploited by malicious users to obtain elevated privileges.
This issue is caused by an insecure search_path settings,
which could be exploited by unprivileged users to gain the SQL
privileges of the owner of any SECURITY DEFINER function they
are allowed to call
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2138 to this issue.
Update your system with the packages as indicated in
the referenced security advisory.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2007-2138|
Debian Security Information: DSA-1309 (Google Search)
Debian Security Information: DSA-1311 (Google Search)
RedHat Security Advisories: RHSA-2007:0336
BugTraq ID: 23618
XForce ISS Database: postgresql-searchpath-privilege-escalation(33842)
|Copyright||Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.