[Postgresql-it] PostgreSQL: Local privilege escalation

• From: Martino Serri <shaghy@xxxxxxxxxx>
• To: "postgresql-it@xxxxxxxxxxxxxxxxx" <postgresql-it@xxxxxxxxxxxxxxxxx>
• Date: Tue, 08 Feb 2005 10:31:28 +0100

Synopsis

> ========

The PostgreSQL server can be tricked by a local attacker to execute arbitrary code.

Affected packages

> =================

------------------------------------------------------------------- Package / Vulnerable / Unaffected -------------------------------------------------------------------
1 dev-db/postgresql < 7.4.7 >= 7.4.7

Description

> ===========

PostgreSQL's LOAD extension is vulnerable to a local privilege escalation discovered by John Heasman. A local user can load any shared library, but the initialization function will then be

> executed with the permissions of the PostgreSQL server.


Il resto su:
http://forums.gentoo.org/viewtopic.php?p=2066797#2066797

Other related posts:

• » [Postgresql-it] PostgreSQL: Local privilege escalation - Martino Serri

1. Home
2. postgresql-it
3. Archive
4. 02-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---