Sunday, October 10, 2010

PostgreSQL: code-execution vulnerability

PostgreSQL users, please be advised that a code-execution vulnerability has been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
USN-1002-1: PostgreSQL code-execution vulnerability
Details follow:

It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.