FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-4136

This CVE name corresponds to:

Entered	Topic
2009-12-17	postgresql -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-4136 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2009-4136
Phase	Assigned(20091201)

Description

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

References

Source	Reference
BUGTRAQ	20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server
CONFIRM	http://www.postgresql.org/docs/current/static/release-7-4-27.html
CONFIRM	http://www.postgresql.org/docs/current/static/release-8-0-23.html
CONFIRM	http://www.postgresql.org/docs/current/static/release-8-1-19.html
CONFIRM	http://www.postgresql.org/docs/current/static/release-8-2-15.html
CONFIRM	http://www.postgresql.org/docs/current/static/release-8-3-9.html
CONFIRM	http://www.postgresql.org/docs/current/static/release-8-4-2.html
CONFIRM	http://www.postgresql.org/support/security.html
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=546321
CONFIRM	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
FEDORA	FEDORA-2009-13363
FEDORA	FEDORA-2009-13381
MANDRIVA	MDVSA-2009:333
REDHAT	RHSA-2010:0427
REDHAT	RHSA-2010:0428
REDHAT	RHSA-2010:0429
SUSE	SUSE-SR:2010:001
BID	37333
OSVDB	61039
OVAL	oval:org.mitre.oval:def:9358
SECTRACK	1023326
SECUNIA	37663
SECUNIA	39820
VUPEN	ADV-2009-3519
VUPEN	ADV-2010-1197