PT-2005-1308 · Postgresql+1 · Postgresql+1
John Heasman · Published 2005-02-06 · Updated 2023-10-18 · CVE-2005-0227
CVSS v2.0: 4.3 (Medium)
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 7.2.x through 7.4.x
PostgreSQL (affected versions not specified)
Description
The issue allows local users to load arbitrary shared libraries and execute code via the LOAD extension. Any database user is permitted to load arbitrary shared libraries using the LOAD command. A valid login is required to exploit this issue.
Recommendations
For versions 7.2.x through 7.4.x, consider restricting access to the LOAD command to prevent arbitrary shared library loading.
As a temporary workaround, consider disabling the LOAD extension until a patch is available.
Restrict database user permissions to minimize the risk of exploitation.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Postgresql
Red Hat