mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-10-02 06:31:20 +02:00
de494ec14f
Substituting such values in extension scripts facilitated SQL injection when @extowner@, @extschema@, or @extschema:...@ appeared inside a quoting construct (dollar quoting, '', or ""). No bundled extension was vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite was an administrator having installed files of a vulnerable, trusted, non-bundled extension. Subject to that prerequisite, this enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. By blocking this attack in the core server, there's no need to modify individual extensions. Back-patch to v11 (all supported versions). Reported by Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg. Security: CVE-2023-39417 |
||
|---|---|---|
| .. | ||
| aggregatecmds.c | ||
| alter.c | ||
| amcmds.c | ||
| analyze.c | ||
| async.c | ||
| cluster.c | ||
| collationcmds.c | ||
| comment.c | ||
| constraint.c | ||
| conversioncmds.c | ||
| copy.c | ||
| copyfrom.c | ||
| copyfromparse.c | ||
| copyto.c | ||
| createas.c | ||
| dbcommands.c | ||
| define.c | ||
| discard.c | ||
| dropcmds.c | ||
| event_trigger.c | ||
| explain.c | ||
| extension.c | ||
| foreigncmds.c | ||
| functioncmds.c | ||
| indexcmds.c | ||
| lockcmds.c | ||
| Makefile | ||
| matview.c | ||
| opclasscmds.c | ||
| operatorcmds.c | ||
| policy.c | ||
| portalcmds.c | ||
| prepare.c | ||
| proclang.c | ||
| publicationcmds.c | ||
| schemacmds.c | ||
| seclabel.c | ||
| sequence.c | ||
| statscmds.c | ||
| subscriptioncmds.c | ||
| tablecmds.c | ||
| tablespace.c | ||
| trigger.c | ||
| tsearchcmds.c | ||
| typecmds.c | ||
| user.c | ||
| vacuum.c | ||
| vacuumparallel.c | ||
| variable.c | ||
| view.c | ||