ubuntu · CVE-2009-4136

Quick triage

Priority: medium Published: 2009-12-15 00:00:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2009-4136 medium priority: Ubuntu including 6 source packages (postgresql-7.4, postgresql-8.0, postgresql-8.1, postgresql-8.2, postgresql-8.3, postgresql-8.4), 60 status rows across 10 suites (dapper, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): DNE 41, needs-triage 6, released 5, ignored 4, not-affected 4.

Description:

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

cvelogic Threat Intelligence