Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

Ubuntu: PostgreSQL vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) Ubuntu: PostgreSQL vulnerabilities
# 1  
Old 01-14-2008
Ubuntu: PostgreSQL vulnerabilities
LinuxSecurity.com: Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601)

More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. Ubuntu

istalling postgresql driver on ubuntu

Hello everybody i am working on ubuntu 9.4 and i want to connect from erlang program to postgresql database i download the driver for postgresql from Open Source Projects from Erlang Training and Consultng Ltd. then i try to setup this driver using make install and it didn't work, So can... (4 Replies)
Discussion started by: Reham$
4 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

pg_wrapper

PG_WRAPPER(1)						 Debian PostgreSQL infrastructure					     PG_WRAPPER(1)

NAME

       pg_wrapper - wrapper for PostgreSQL client commands

SYNOPSIS

       client-program [--cluster version/cluster] [...]

       (client-program: psql, createdb, dropuser, and all other client programs installed in /usr/lib/postgresql/version/bin).

DESCRIPTION

       This program is run only as a link to names which correspond to PostgreSQL programs in /usr/lib/postgresql/version/bin. It determines the
       configured cluster and database for the user and calls the appropriate version of the desired program to connect to that cluster and
       database, supplying any specified options to that command.

       The target cluster is selected by the following means, in descending order of precedence:

       1.  explicit specification with the --host option

       2.  explicit specification with the --cluster option

       3.  if the PGHOST environment variable is set, no further cluster selection is performed. The default PostgreSQL version and port number
	   (from the command line, the environment variable PGPORT, or default 5432) will be used.

       4.  explicit specification with the PGCLUSTER environment variable

       5.  matching entry in ~/.postgresqlrc (see postgresqlrc(5)), if that file exists

       6.  matching entry in /etc/postgresql-common/user_clusters (see user_clusters(5)), if that file exists

       7.  If only one local cluster exists, that one will be selected.

       8.  If several local clusters exist, the one listening on the default port 5432 will be selected.

       If none of these rules match, pg_wrapper aborts with an error.

OPTIONS

       --cluster version/cluster
	   cluster is either the name of a local cluster, or takes the form host:port for a remote cluster. If port is left empty (i. e. you just
	   specify host:), it defaults to 5432.

ENVIRONMENT

       PGCLUSTER
	   If $PGCLUSTER is set, its value (of the form version/cluster) specifies the desired cluster, similar to the --cluster option. However,
	   if --cluster is specified, it overrides the value of $PGCLUSTER.

       PG_CLUSTER_CONF_ROOT
	   This specifies an alternative base directory for cluster configurations. This is usually /etc/postgresql/, but for testing/development
	   purposes you can change this to point to e. g. your home directory, so that you can use the postgresql-common tools without root
	   privileges.

FILES

       /etc/postgresql-common/user_clusters
	   stores the default cluster and database for users and groups as set by the administrators.

       $HOME/.postgresqlrc
	   stores defaults set by the user himself.

SEE ALSO

       user_clusters(5), postgresqlrc(5)

AUTHOR

       Martin Pitt <mpitt@debian.org>

Debian								    2013-01-04							     PG_WRAPPER(1)