| From: | Ray Stell <stellr(at)cns(dot)vt(dot)edu> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | bugtraq post |
| Date: | 2007-06-17 12:56:06 |
| Message-ID: | 20070617125606.GA17612@cns.vt.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
For the security minded:
Nico Leidecker <nicoLeidecker(at)web(dot)de> posted this to bugtraq yesterday, fyi.
"I'd like to present a paper about security issues with PostgreSQL. The paper describes weaknesses in the configuration that may
+allow attackers to escalade privileges, execute shell commands and to upload arbitrary (binary) files via SQL injections.
You can either get the TXT version from http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
Or as PDF at at http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
The paper comes with a tool called `pgshell' that can be downloaded at http://www.leidecker.info/pgshell"
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Devrim GÜNDÜZ | 2007-06-17 19:03:11 | Re: Which file to download binary, rpms or srpms? |
| Previous Message | Abraham, Danny | 2007-06-17 10:55:51 | Bug #2993 on PG 8.2.4 |