mirror of https://git.postgresql.org/git/postgresql.git, synced 2024-10-02 06:31:20 +02:00
de494ec14f
Substituting such values in extension scripts facilitated SQL injection when @extowner@, @extschema@, or @extschema:...@ appeared inside a quoting construct (dollar quoting, '', or ""). No bundled extension was vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite was an administrator having installed files of a vulnerable, trusted, non-bundled extension. Subject to that prerequisite, this enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. By blocking this attack in the core server, there's no need to modify individual extensions. Back-patch to v11 (all supported versions). Reported by Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg. Security: CVE-2023-39417 |
||
---|---|---|
aggregatecmds.c | ||
alter.c | ||
amcmds.c | ||
analyze.c | ||
async.c | ||
cluster.c | ||
collationcmds.c | ||
comment.c | ||
constraint.c | ||
conversioncmds.c | ||
copy.c | ||
copyfrom.c | ||
copyfromparse.c | ||
copyto.c | ||
createas.c | ||
dbcommands.c | ||
define.c | ||
discard.c | ||
dropcmds.c | ||
event_trigger.c | ||
explain.c | ||
extension.c | ||
foreigncmds.c | ||
functioncmds.c | ||
indexcmds.c | ||
lockcmds.c | ||
Makefile | ||
matview.c | ||
opclasscmds.c | ||
operatorcmds.c | ||
policy.c | ||
portalcmds.c | ||
prepare.c | ||
proclang.c | ||
publicationcmds.c | ||
schemacmds.c | ||
seclabel.c | ||
sequence.c | ||
statscmds.c | ||
subscriptioncmds.c | ||
tablecmds.c | ||
tablespace.c | ||
trigger.c | ||
tsearchcmds.c | ||
typecmds.c | ||
user.c | ||
vacuum.c | ||
vacuumparallel.c | ||
variable.c | ||
view.c |