CVE-2009-4136

Published: Dec 15, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

Vendor: n/a

Product: n/a

Versions: affected n/a

References

RHSA-2010:0427 (vendor-advisory, x_refsource_REDHAT)
RHSA-2010:0428 (vendor-advisory, x_refsource_REDHAT)
HPSBMU02781 (vendor-advisory, x_refsource_HP)
1023326 (vdb-entry, x_refsource_SECTRACK)
39820 (third-party-advisory, x_refsource_SECUNIA)
FEDORA-2009-13363 (vendor-advisory, x_refsource_FEDORA)
oval:org.mitre.oval:def:9358 (vdb-entry, signature, x_refsource_OVAL)
SUSE-SR:2010:001 (vendor-advisory, x_refsource_SUSE)
FEDORA-2009-13381 (vendor-advisory, x_refsource_FEDORA)
MDVSA-2009:333 (vendor-advisory, x_refsource_MANDRIVA)
ADV-2009-3519 (vdb-entry, x_refsource_VUPEN)
61039 (vdb-entry, x_refsource_OSVDB)
37663 (third-party-advisory, x_refsource_SECUNIA)
37333 (vdb-entry, x_refsource_BID)
RHSA-2010:0429 (vendor-advisory, x_refsource_REDHAT)
SSRT100617 (vendor-advisory, x_refsource_HP)
ADV-2010-1197 (vdb-entry, x_refsource_VUPEN)
