Input validation error in PostgreSQL - CVE-2004-0977

Description

The vulnerability allows a local user to corrupt data.

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

Remediation

External links

• http://www.securityfocus.com/bid/11295
• http://www.debian.org/security/2004/dsa-577
• http://security.gentoo.org/glsa/glsa-200410-16.xml
• http://www.redhat.com/support/errata/RHSA-2004-489.html
• http://www.trustix.org/errata/2004/0050
• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300
• http://www.mandriva.com/security/advisories?name=MDKSA-2004:149
• http://marc.info/?l=bugtraq&m=109910073808903&w=2
• https://www.ubuntu.com/usn/usn-6-1/
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11360