GLSA-200705-12 : PostgreSQL: Privilege escalation

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200705-12
(PostgreSQL: Privilege escalation)

An error involving insecure search_path settings in the SECURITY
DEFINER functions has been reported in PostgreSQL.

Impact :

If allowed to call a SECURITY DEFINER function, an attacker could gain
the SQL privileges of the owner of the called function.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All PostgreSQL users should upgrade to the latest version and fix their

    # emerge --sync
    # emerge --ask --oneshot --verbose 'dev-db/postgresql'

In order to fix the SECURITY DEFINER functions, PostgreSQL users are
advised to refer to the PostgreSQL documentation: http://www.postgresql
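
An added example, not part of the advisory or of the plugin: a catalog query that lists SECURITY DEFINER functions with no pinned search_path, followed by the fix applied to one function. It assumes a PostgreSQL release with per-function SET (8.3 or later) and pg_get_function_identity_arguments (8.4 or later); the schema app, the function check_password and the role app_login are hypothetical names.

```sql
-- Audit: SECURITY DEFINER functions whose definition does not pin search_path.
-- Such a function resolves unqualified names using the caller's search_path
-- while running with the privileges of its owner.
SELECT n.nspname                                  AS schema_name,
       p.proname                                  AS function_name,
       pg_get_function_identity_arguments(p.oid)  AS arguments,
       pg_get_userbyid(p.proowner)                AS owner
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  p.prosecdef                                -- SECURITY DEFINER only
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  NOT EXISTS (
         -- proconfig holds the per-function SET clauses as 'name=value' strings
         SELECT 1
         FROM   unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
         WHERE  cfg LIKE 'search_path=%'
       )
ORDER  BY schema_name, function_name;

-- Fix for one function reported by the query (hypothetical name and signature):
-- pin search_path to trusted schemas only, with pg_temp listed last so that
-- temporary objects cannot shadow the objects the function relies on.
ALTER FUNCTION app.check_password(text, text)
      SET search_path = app, pg_temp;

-- Limit who may call the function at all (hypothetical role).
REVOKE EXECUTE ON FUNCTION app.check_password(text, text) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION app.check_password(text, text) TO app_login;
```

After the ALTER FUNCTION statements have been applied, rerunning the query should return no rows for the functions that were fixed.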

Risk factor :

Medium / CVSS Base Score : 6.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 25208 (gentoo_GLSA-200705-12.nasl)

Bugtraq ID:

CVE ID: CVE-2007-2138