CVE-2005-0244

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 8.0.0 and earlier

Description The issue allows local users to bypass the EXECUTE permission check for functions. This is achieved by using the CREATE AGGREGATE command. A valid login is required to exploit this issue. EXECUTE permissions are not properly checked when creating aggregates.

Recommendations For PostgreSQL versions 8.0.0 and earlier, consider restricting the use of the CREATE AGGREGATE command until a proper fix is applied to ensure that EXECUTE permissions are properly checked. As a temporary workaround, review and limit the creation of aggregates to authorized users only.