pg_dump vulnerability threatens PostgreSQL database management system

The PostgreSQL developers have closed a vulnerability in the currently supported versions. Attackers can execute their own SQL with the privileges of the user running pg_dump.




Attackers can target systems running the PostgreSQL database management system and, in the worst case, take them over. Patched versions provide a remedy.

According to the security advisory, an attacker who is allowed to create objects in a database can exploit a time-of-check-to-time-of-use (TOCTOU) race condition: pg_dump checks an object's type and then queries it, and the attacker replaces the object in between. Through the vulnerability (CVE-2024-7348, rated "high"), the attacker gets pg_dump to execute SQL of their choosing in the context of the user running the dump. The problem is that pg_dump is usually run as a PostgreSQL superuser (a database role, not the operating-system root user), so the injected SQL runs with far-reaching rights, up to full control of the database cluster.


The developers state that they have closed the vulnerability in versions 12.20, 13.16, 14.13, 15.8 and 16.4. PostgreSQL 11 and earlier, which are no longer supported, are not covered by these fixes. The developers are not currently saying whether the flaw is already being exploited.
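A practical first step is to check every server against the fixed release list above. The following script is an added example, not code from the PostgreSQL project or from the article: it parses the string that `psql -Atc "SHOW server_version"` returns (including distribution suffixes such as Debian's) and reports which hosts are still on a release below the fixed minor for their major line. The host inventory is constructed sample data, and releases from major lines not named in the advisory (PostgreSQL 11 and older, or 17 pre-releases) are deliberately reported as needing attention rather than assumed safe.

```python
"""Triage PostgreSQL server_version strings against the fixed releases for CVE-2024-7348.

Added example; not code from the PostgreSQL project or the article.
"""
import re
from typing import Dict, List, Optional, Tuple

# Minimum minor release per major line that contains the fix, as listed in the advisory.
FIXED_MINOR = {12: 20, 13: 16, 14: 13, 15: 8, 16: 4}

# Leading "major.minor"; anything after (e.g. " (Debian 16.3-1.pgdg120+1)") is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)(?:\.(\d+))?")


def parse_server_version(version: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from a server_version string such as '16.3 (Debian ...)'.

    Returns None when there is no numeric minor (e.g. '17beta2', '17devel'):
    those pre-release lines are not part of the advisory's release list.
    """
    m = _VERSION_RE.match(version)
    if not m or m.group(2) is None:
        return None
    return int(m.group(1)), int(m.group(2))


def is_fixed(version: str) -> bool:
    """True only if the release is at or above the fixed minor for its major line."""
    parsed = parse_server_version(version)
    if parsed is None:
        return False
    major, minor = parsed
    if major not in FIXED_MINOR:
        # 11 and older are out of support and received no fix; majors the
        # advisory does not list are treated as unconfirmed, not as safe.
        return False
    return minor >= FIXED_MINOR[major]


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split a host -> server_version mapping into 'fixed' and 'needs_patching' buckets."""
    result: Dict[str, List[str]] = {"fixed": [], "needs_patching": []}
    for host, version in inventory.items():
        result["fixed" if is_fixed(version) else "needs_patching"].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and version strings).
    sample = {
        "db-a": "16.4",
        "db-b": "16.3 (Debian 16.3-1.pgdg120+1)",
        "db-c": "15.8",
        "db-d": "12.19",
        "db-e": "11.22",
        "db-f": "17beta2",
    }
    for bucket, hosts in triage(sample).items():
        print(bucket, sorted(hosts))
```

The check is intentionally strict: a version string that cannot be mapped to a listed major line is reported as needing attention, because the one thing you do not want from a patch-status script is a false "fixed".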

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.