SB2024020259 - Input validation error in PostgreSQL
Published: February 2, 2024 Updated: June 23, 2025
Security Bulletin ID
SB2024020259
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2004-0977)
The vulnerability allows a local user to corrupt data.
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Remediation
Install update from vendor's website.
References
- http://www.securityfocus.com/bid/11295
- http://www.debian.org/security/2004/dsa-577
- http://security.gentoo.org/glsa/glsa-200410-16.xml
- http://www.redhat.com/support/errata/RHSA-2004-489.html
- http://www.trustix.org/errata/2004/0050
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:149
- http://marc.info/?l=bugtraq&m=109910073808903&w=2
- https://www.ubuntu.com/usn/usn-6-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360