Sunday, October 10, 2010

PostgreSQL: arbitrary code execution vulnerability

PostgreSQL users, please be advised that an arbitrary code execution vulnerability has been identified.

To view this and other vulnerabilities, along with possible remedies, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
USN-1002-2: [USN-1002-2] PostgreSQL vulnerability
advisory details:

It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote authenticated attacker could exploit this to execute arbitrary code with permissions of a different user, possibly leading to privilege escalation.
