Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2012-0866
Description:CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
Test IDs: 1.3.6.1.4.1.25623.1.0.71146   1.3.6.1.4.1.25623.1.0.123917   1.3.6.1.4.1.25623.1.1.4.2012.0702.1   1.3.6.1.4.1.25623.1.1.4.2012.0700.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-0866
Debian Security Information: DSA-2418 (Google Search)
http://www.debian.org/security/2012/dsa-2418
http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
RedHat Security Advisories: RHSA-2012:0677
http://rhn.redhat.com/errata/RHSA-2012-0677.html
RedHat Security Advisories: RHSA-2012:0678
http://rhn.redhat.com/errata/RHSA-2012-0678.html
http://secunia.com/advisories/49272
http://secunia.com/advisories/49273
SuSE Security Announcement: openSUSE-SU-2012:1173 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html




© 1998-2024 E-Soft Inc. All rights reserved.