Bug 237682 (CVE-2007-2138)

Summary: CVE-2007-2138 PostgreSQL security-definer function privilege escalation
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Tom Lane <tgl>
Status: CLOSED NEXTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bojan, hhorak, lkundrak
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 8.2.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-06-04 04:15:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Josh Bressers 2007-04-24 18:46:32 UTC
+++ This bug was initially created as a clone of Bug #237680 +++

Quoting the PostgreSQL release notes:
http://www.postgresql.org/docs/8.2/static/release-8-2-4.html

    Support explicit placement of the temporary-table schema within search_path, 
    and disable searching it for functions and operators (Tom)

    This is needed to allow a security-definer function to set a truly secure 
    value of search_path. Without it, an unprivileged SQL user can use temporary 
    objects to execute code with the privileges of the security-definer function 
    (CVE-2007-2138). See CREATE FUNCTION for more information.

This flaw also affects FC5 and FC7

Comment 1 Tom Lane 2007-04-24 21:53:29 UTC
I've built the following:
F7   postgresql-8.2.4-1.fc7
FC6  postgresql-8.1.9-1.fc6
FC5  postgresql-8.1.9-1.fc5

Comment 2 Lubomir Kundrak 2007-04-25 15:32:19 UTC
*** Bug 156726 has been marked as a duplicate of this bug. ***

Comment 3 Tom Lane 2007-04-25 15:34:47 UTC
*** Bug 237825 has been marked as a duplicate of this bug. ***

Comment 4 Bojan Smojver 2007-04-27 23:08:01 UTC
I see you built the RPMS on the 24th. Any reason why they are not in updates for
FC6?

Comment 5 Fedora Update System 2007-06-04 04:15:42 UTC
postgresql-8.2.4-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.