Home > mailing lists

Re: BUG #16448: Remote code execution vulnerability - Mailing list pgsql-bugs

From	David G. Johnston
Subject	Re: BUG #16448: Remote code execution vulnerability
Date	May 18, 2020 17:22:56
Msg-id	CAKFQuwaSYf+upv63s3VuP49ZoPDUOmH_PNY7JSTWL-SNtocvbQ@mail.gmail.com Whole thread Raw
In response to	BUG #16448: Remote code execution vulnerability (PG Bug reporting form <noreply@postgresql.org>)
List	pgsql-bugs

Tree view

On Mon, May 18, 2020 at 2:41 AM PG Bug reporting form <noreply@postgresql.org> wrote:

The following bug has been logged on the website:

Bug reference: 16448
Logged by: yi Ding
Email address: abcxiaod@126.com
PostgreSQL version: 10.12
Operating system: linux
Description:

A common user created a function in the public space and added some
malicious codes in the function, when other users with superuser rights call
this function, the malicious code will be executed , so as to achieve the
purpose of remote malicious code execution.

The project respectfully requests that security related concerns be reported to the security list as opposed to the public bug report listing.

https://www.postgresql.org/support/

security@postgresql.org

David J.

pgsql-bugs by date:

From: Heikki Linnakangas
Date: 18 May 2020, 12:49:51
Subject: Re: BUG #16448: Remote code execution vulnerability

From: Peter Eisentraut
Date: 18 May 2020, 17:57:26
Subject: Re: BUG #16441: Cannot multi-insert into generated column withDEFAULT value

Re: BUG #16448: Remote code execution vulnerability - Mailing list pgsql-bugs

Previous

Next