FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postgresql -- privilege escalation vulnerability

Affected packages
ja-postgresql < 7.3.9
7.4.* < ja-postgresql < 7.4.7
8.* < ja-postgresql < 8.0.1
postgresql < 7.3.9
7.4.* < postgresql < 7.4.7
8.* < postgresql < 8.0.1
postgresql-server < 7.3.9
7.4.* < postgresql-server < 7.4.7
8.* < postgresql-server < 8.0.1
postgresql-devel <= 8.0.1,1

Details

VuXML ID 5d425189-7a03-11d9-a9e7-0001020eed82
Discovery 2005-01-21
Entry 2005-02-08

John Heasman and others discovered that non-privileged users could use the LOAD extension to load arbitrary libraries into the postgres server process space. This could be used by non-privileged local users to execute arbitrary code with the privileges of the postgresql server.

References

Bugtraq ID 12411
CVE Name CVE-2005-0227
Message http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
Message http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php