PT-2007-3480 · Postgresql+1

Published: 2007-04-24 · Updated: 2019-08-09 · CVE-2007-2138

CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

PostgreSQL versions prior to 7.3.19
PostgreSQL versions 7.4.x prior to 7.4.17
PostgreSQL versions 8.0.x prior to 8.0.13
PostgreSQL versions 8.1.x prior to 8.1.9
PostgreSQL versions 8.2.x prior to 8.2.4

Description

The issue allows remote authenticated users to gain the privileges of the function owner when permitted to call a SECURITY DEFINER function, related to "search path settings."

Recommendations

For versions prior to 7.3.19, update to version 7.3.19 or later.
For versions 7.4.x prior to 7.4.17, update to version 7.4.17 or later.
For versions 8.0.x prior to 8.0.13, update to version 8.0.13 or later.
For versions 8.1.x prior to 8.1.9, update to version 8.1.9 or later.
For versions 8.2.x prior to 8.2.4, update to version 8.2.4 or later.
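
A version check built from the affected-version list above, for triaging an inventory of servers. This is an added example, not part of the original advisory; the function names are this example's own, and the host names and banner strings in SAMPLE are constructed input.

```python
import re

# Fixed patch release per affected branch, taken from the advisory text.
FIXED = {(7, 4): 17, (8, 0): 13, (8, 1): 9, (8, 2): 4}
OLDEST_FIX = (7, 3, 19)  # "versions prior to 7.3.19" covers every older release


def parse_version(text):
    """Extract (major, minor, patch) from '8.1.5' or a SELECT version() banner."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    # A missing patch component (for example a pre-release '8.2') counts as 0.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def check(text):
    """Return (affected, minimum fixed version or None) for CVE-2007-2138."""
    v = parse_version(text)
    if v < OLDEST_FIX:
        return True, "7.3.19"
    branch = v[:2]
    if branch in FIXED and v[2] < FIXED[branch]:
        return True, f"{branch[0]}.{branch[1]}.{FIXED[branch]}"
    # Branches the advisory does not list are reported as not affected.
    return False, None


def affected_hosts(inventory):
    """Map each affected host to the release it must reach."""
    result = {}
    for host, banner in inventory.items():
        affected, fix = check(banner)
        if affected:
            result[host] = fix
    return result


# Constructed sample inventory: host name -> version string or banner.
SAMPLE = {
    "db-legacy": "7.2.8",
    "db-billing": "PostgreSQL 8.1.5 on i686-pc-linux-gnu, compiled by GCC 3.4.6",
    "db-reports": "8.2.4",
    "db-archive": "7.4.16",
}

if __name__ == "__main__":
    for host, fix in sorted(affected_hosts(SAMPLE).items()):
        print(f"{host}: update to {fix} or later")
```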

Related Identifiers

CVE-2007-2138
DLA-1874-1
DSA-1309-1
DSA-1311-1
RHSA-2007:0336
RHSA-2007:0337
RHSA-2007_0336

Affected Products

Postgresql
Red Hat