CVE-2005-0227 — MEDIUM (4.3)

Q: What is CVE-2005-0227?

CVE-2005-0227 is a vulnerability with a CVSS score of 4.3 (MEDIUM). PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

Q: How severe is CVE-2005-0227?

CVE-2005-0227 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-0227?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql.

Vulnerability Description

PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

CVSS Score

4.3

MEDIUM

AV:L/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Postgresql	Postgresql	>= 7.3.0, < 7.3.9

Related Weaknesses (CWE)

CWE-94

References

http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.phpPatchVendor Advisory
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.phpVendor Advisory
http://marc.info/?l=bugtraq&m=110726899107148&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/12948Third Party Advisory
http://security.gentoo.org/glsa/glsa-200502-08.xmlThird Party Advisory
http://www.debian.org/security/2005/dsa-668Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:040Broken Link
http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2005-138.htmlPatchThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-150.htmlThird Party Advisory
http://www.securityfocus.com/bid/12411Broken Link
http://www.trustix.org/errata/2005/0003/PatchThird Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.phpPatchVendor Advisory
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.phpVendor Advisory

FAQ

What is CVE-2005-0227?

CVE-2005-0227 is a vulnerability with a CVSS score of 4.3 (MEDIUM). PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

How severe is CVE-2005-0227?

CVE-2005-0227 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-0227?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql.