Red Hat Bugzilla – Bug 237823
CVE-2007-2138 SECURITY DEFINER related privilege escalation in PostgreSQL
Last modified: 2013-07-02 23:12:55 EDT
Description of problem:
PostgreSQL released a security update that reportedly fixes a bug that
allowed unprivileged users to execute code with privileges of SECURITY
See URL for details.
Tom, as PostgreSQL is far beyond the scope of my understanding, could you
please help me determine the following:
1.) whether the flaw affects the 7.1 line, as used in RHEL2.1? I assume it
affects other supported releases, as an update was released for the respective
2.) how serious the bug is. Is this similar to #156726, where an authenticated
user could gain superuser rights? Or is it less likely to be exploited?
I have no idea what a SECURITY DEFINER is, and with what privileges
those functions are executed.
*** This bug has been marked as a duplicate of 237680 ***