Oval Definition:	oval:com.ubuntu.precise:def:20120866000
Revision Date: 2012-07-18 Version: 1 Title: CVE-2012-0866 on Ubuntu 12.04 LTS (precise) - medium. Description: CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. Family: unix Class: vulnerability Status: Reference(s): CVE-2012-0866 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information NOT While related to the CVE in some way, the 'postgresql-8.4' package in precise is not affected (note: '8.4.11-1'). OR The 'postgresql-9.1' package in precise was vulnerable but has been fixed (note: '9.1.3-1').
BACK