This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200705-12
(PostgreSQL: Privilege escalation)
An error involving insecure search_path settings in the SECURITY
DEFINER functions has been reported in PostgreSQL.
If allowed to call a SECURITY DEFINER function, an attacker could gain
the SQL privileges of the owner of the called function.
There is no known workaround at this time.
See also :
All PostgreSQL users should upgrade to the latest version and fix their
SECURITY DEFINER functions:
# emerge --sync
# emerge --ask --oneshot --verbose 'dev-db/postgresql'
In order to fix the SECURITY DEFINER functions, PostgreSQL users are
advised to refer to the PostgreSQL documentation: http://www.postgresql
Risk factor :
Medium / CVSS Base Score : 6.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 25208 (gentoo_GLSA-200705-12.nasl)
CVE ID: CVE-2007-2138