cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2c2240c2f4
openbsd-ports/databases/postgresql
History
mbalmer 2c2240c2f4 Security update to PostgreSQL version 8.1.3. 
Vulnerabilities in PostgreSQL SET ROLE/SET SESSION AUTHORIZATION

By issuing SET ROLE with a specially crafted argument, it is possible
for any logged-in database user to acquire the privileges of any other
database user, including superusers.  Database superuser status allows
access to the machine's filesystem and hence might be used to mount
remote attacks against the rest of the server's operating system.
This error exists in PostgreSQL releases 8.1.0 - 8.1.2 and is fixed in 8.1.3.

The same underlying bug exists in SET SESSION AUTHORIZATION in all
releases back to 7.3.  This variant cannot be exploited for privilege
escalation, because one must already be superuser to use SET SESSION
AUTHORIZATION.  However, if the server has been compiled with Asserts
enabled (which is not the default), then it is possible to trigger an
Assert failure before the privilege check is reached.  This would cause
a momentary denial of service to other database users.  This is repaired
in PostgreSQL releases 8.1.3, 8.0.7, 7.4.12, and 7.3.14.
2006-02-14 18:59:36 +00:00
..
files Fix a typo, from jk <dhv@scurvy.org>. 2005-12-31 10:40:39 +00:00
patches SHARED_LIBS 2006-01-07 11:11:17 +00:00
pkg Security update to PostgreSQL version 8.1.3. 2006-02-14 18:59:36 +00:00
distinfo Security update to PostgreSQL version 8.1.3. 2006-02-14 18:59:36 +00:00
Makefile Security update to PostgreSQL version 8.1.3. 2006-02-14 18:59:36 +00:00