4.3

CVE-2005-0227

PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version >= 7.3.0 < 7.3.9
PostgresqlPostgresql Version >= 7.4 < 7.4.7
PostgresqlPostgresql Version >= 8.0 < 8.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.387
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 3.1 6.4
AV:L/AC:L/Au:S/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.trustix.org/errata/2005/0003/
Patch
Third Party Advisory
http://secunia.com/advisories/12948
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Broken Link
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-138.html
Patch
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-150.html
Third Party Advisory
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
Patch
Vendor Advisory
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
Vendor Advisory
http://marc.info/?l=bugtraq&m=110726899107148&w=2
Third Party Advisory
Mailing List
http://security.gentoo.org/glsa/glsa-200502-08.xml
Third Party Advisory
http://www.debian.org/security/2005/dsa-668
Third Party Advisory
http://www.securityfocus.com/bid/12411
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234
Broken Link