FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postgresql-contrib -- insecure temporary file creation

Affected packages
postgresql-contrib < 7.2.6
7.3.* < postgresql-contrib < 7.3.8
7.4.* < postgresql-contrib < 7.4.6

Details

VuXML ID 6a164d84-2f7f-11d9-a9e7-0001020eed82
Discovery 2004-09-10
Entry 2004-11-06

The make_oidjoins_check script in the PostgreSQL RDBMS has insecure handling of temporary files, which could lead to an attacker overwriting arbitrary files with the credentials of the user running the make_oidjoins_check script.

References

Bugtraq ID 11295
CVE Name CVE-2004-0977
URL http://www.postgresql.org/news/234.html
URL http://www.trustix.net/errata/2004/0050/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.