FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0244

This CVE name corresponds to:

Entered Topic
2006-08-13 postgresql -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-0244
Phase Assigned(20050208)

Description

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.

References

Source Reference
MLIST [pgsql-hackers] 20050127 Permissions on aggregate component functions
MANDRAKE MDKSA-2005:040
REDHAT RHSA-2005:138
BUGTRAQ 20050210 [USN-79-1] PostgreSQL vulnerabilities
SUSE SUSE-SA:2005:036
BID 12417
OVAL oval:org.mitre.oval:def:10927
SECUNIA 12948
XF postgresql-security-bypass(19184)