CVE-2005-0227

PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php	Patch Vendor Advisory
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php	Vendor Advisory
http://marc.info/?l=bugtraq&m=110726899107148&w=2	Mailing List Third Party Advisory
http://secunia.com/advisories/12948	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200502-08.xml	Third Party Advisory
http://www.debian.org/security/2005/dsa-668	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040	Broken Link
http://www.novell.com/linux/security/advisories/2005_36_sudo.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-138.html	Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-150.html	Third Party Advisory
http://www.securityfocus.com/bid/12411	Broken Link
http://www.trustix.org/errata/2005/0003/	Patch Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234	Broken Link
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php	Patch Vendor Advisory
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php	Vendor Advisory
http://marc.info/?l=bugtraq&m=110726899107148&w=2	Mailing List Third Party Advisory
http://secunia.com/advisories/12948	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200502-08.xml	Third Party Advisory
http://www.debian.org/security/2005/dsa-668	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040	Broken Link
http://www.novell.com/linux/security/advisories/2005_36_sudo.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-138.html	Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-150.html	Third Party Advisory
http://www.securityfocus.com/bid/12411	Broken Link
http://www.trustix.org/errata/2005/0003/	Patch Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

History

20 Nov 2024, 23:54

Type	Values Removed	Values Added
References	~~() http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php - Patch, Vendor Advisory~~	() http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php - Patch, Vendor Advisory
References	~~() http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php - Vendor Advisory~~	() http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php - Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=110726899107148&w=2 - Mailing List, Third Party Advisory~~	() http://marc.info/?l=bugtraq&m=110726899107148&w=2 - Mailing List, Third Party Advisory
References	~~() http://secunia.com/advisories/12948 - Third Party Advisory~~	() http://secunia.com/advisories/12948 - Third Party Advisory
References	~~() http://security.gentoo.org/glsa/glsa-200502-08.xml - Third Party Advisory~~	() http://security.gentoo.org/glsa/glsa-200502-08.xml - Third Party Advisory
References	~~() http://www.debian.org/security/2005/dsa-668 - Third Party Advisory~~	() http://www.debian.org/security/2005/dsa-668 - Third Party Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2005:040 - Broken Link~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2005:040 - Broken Link
References	~~() http://www.novell.com/linux/security/advisories/2005_36_sudo.html - Broken Link~~	() http://www.novell.com/linux/security/advisories/2005_36_sudo.html - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2005-138.html - Patch, Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2005-138.html - Patch, Third Party Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2005-150.html - Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2005-150.html - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/12411 - Broken Link~~	() http://www.securityfocus.com/bid/12411 - Broken Link
References	~~() http://www.trustix.org/errata/2005/0003/ - Patch, Third Party Advisory~~	() http://www.trustix.org/errata/2005/0003/ - Patch, Third Party Advisory
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234 - Broken Link~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234 - Broken Link

18 Oct 2023, 20:54

Type	Values Removed	Values Added
References	~~(BUGTRAQ) http://marc.info/?l=bugtraq&m=110726899107148&w=2 -~~	(BUGTRAQ) http://marc.info/?l=bugtraq&m=110726899107148&w=2 - Mailing List, Third Party Advisory
References	~~(MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:040 -~~	(MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:040 - Broken Link
References	~~(BID) http://www.securityfocus.com/bid/12411 -~~	(BID) http://www.securityfocus.com/bid/12411 - Broken Link
References	~~(DEBIAN) http://www.debian.org/security/2005/dsa-668 - Patch, Vendor Advisory~~	(DEBIAN) http://www.debian.org/security/2005/dsa-668 - Third Party Advisory
References	~~(MLIST) http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php - Patch~~	(MLIST) http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php - Patch, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/12948 - Patch, Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/12948 - Third Party Advisory
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234 - Broken Link
References	~~(TRUSTIX) http://www.trustix.org/errata/2005/0003/ - Patch, Vendor Advisory~~	(TRUSTIX) http://www.trustix.org/errata/2005/0003/ - Patch, Third Party Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2005-150.html - Patch, Vendor Advisory~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2005-150.html - Third Party Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2005-138.html - Patch, Vendor Advisory~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2005-138.html - Patch, Third Party Advisory
References	~~(GENTOO) http://security.gentoo.org/glsa/glsa-200502-08.xml - Patch~~	(GENTOO) http://security.gentoo.org/glsa/glsa-200502-08.xml - Third Party Advisory
References	~~(SUSE) http://www.novell.com/linux/security/advisories/2005_36_sudo.html -~~	(SUSE) http://www.novell.com/linux/security/advisories/2005_36_sudo.html - Broken Link
CPE	cpe:2.3:a:postgresql:postgresql:7.2.7:::::::* cpe:2.3:a:postgresql:postgresql:7.2.2:::::::* cpe:2.3:a:postgresql:postgresql:7.2.3:::::::* cpe:2.3:a:postgresql:postgresql:7.2.6:::::::* cpe:2.3:a:postgresql:postgresql:7.4.7:::::::* cpe:2.3:a:postgresql:postgresql:7.4.3:::::::* cpe:2.3:a:postgresql:postgresql:7.4.2:::::::* cpe:2.3:a:postgresql:postgresql:7.2.4:::::::* cpe:2.3:a:postgresql:postgresql:7.4.1:::::::* cpe:2.3:a:postgresql:postgresql:7.2.5:::::::* cpe:2.3:a:postgresql:postgresql:7.4.4:::::::* cpe:2.3:a:postgresql:postgresql:7.4.5:::::::* cpe:2.3:a:postgresql:postgresql:7.4.6:::::::* cpe:2.3:a:postgresql:postgresql:7.2.1:::::::*	cpe:2.3:a:postgresql:postgresql::::::::

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:54

NVD link : CVE-2005-0227

Mitre link : CVE-2005-0227

CVE.ORG link : CVE-2005-0227

JSON object : View

Products Affected

postgresql

postgresql

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

4.3 /10