PT-2005-1324 · Postgresql+1 · Postgresql+1

Tom Lane

Published

2005-02-08

Updated

2017-10-11

CVE-2005-0244

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 8.0.0 and earlier

Description The issue allows local users to bypass the EXECUTE permission check for functions. This is achieved by using the CREATE AGGREGATE command. A valid login is required to exploit this issue. EXECUTE permissions are not properly checked when creating aggregates.

Recommendations For PostgreSQL versions 8.0.0 and earlier, consider restricting the use of the CREATE AGGREGATE command until a proper fix is applied to ensure that EXECUTE permissions are properly checked. As a temporary workaround, review and limit the creation of aggregates to authorized users only.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2005-0244

RHSA-2005:138

RHSA-2005:141

RHSA-2005_138

RHSA-2005_141

Affected Products

Postgresql

Red Hat

PT-2005-1324 · Postgresql+1 · Postgresql+1

CVE-2005-0244

Weakness Enumeration

Related Identifiers

Affected Products

References · 23