PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.
Publish Date : 2009-12-15 Last Update Date : 2018-10-10
Title |
Definition Id |
Class |
Family |
CVE-2009-4136 |
oval:org.opensuse.security:def:20094136 |
|
unix |
DEPRECATED: ELSA-2010-0429 -- postgresql security update (moderate) |
oval:org.mitre.oval:def:27970 |
|
unix |
DSA-1964 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several vulnerabilities |
oval:org.mitre.oval:def:6869 |
|
unix |
DSA-1964-1 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several |
oval:org.mitre.oval:def:13000 |
|
unix |
ELSA-2010:0429: postgresql security update (Moderate) |
oval:org.mitre.oval:def:22939 |
|
unix |
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8... |
oval:org.mitre.oval:def:9358 |
|
unix |
RHSA-2010:0427: postgresql security update (Moderate) |
oval:com.redhat.rhsa:def:20100427 |
|
unix |
RHSA-2010:0428: postgresql security update (Moderate) |
oval:com.redhat.rhsa:def:20100428 |
|
unix |
RHSA-2010:0429: postgresql security update (Moderate) |
oval:org.mitre.oval:def:21774 |
|
unix |
RHSA-2010:0429: postgresql security update (Moderate) |
oval:com.redhat.rhsa:def:20100429 |
|
unix |
USN-876-1 -- postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities |
oval:org.mitre.oval:def:13259 |
|
unix |
|
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.