PostgreSQL Security fix

2/1 には気付いていましたが、source が分からなかったので書かなかった分。
http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
http://security.gentoo.org/ より。

Description
===========
PostgreSQL's LOAD extension is vulnerable to a local privilege escalation discovered by John Heasman. A local user can load any shared library, but the initialization function will then be executed with the permissions of the PostgreSQL server.

Workaround
==========
There is no know workaround at this time.

一般ユーザが postgresql に好きなライブラリ(Winでいうdll) を読ませることができ、それにより PostgreSQL の管理者権限が奪う事が可能(OS の postgres ユーザになることができる)ということらしいです。
7.2.7, 7.3.9, 7.4.7, 8.0.1 に Update しましょう。ということで。
PostgreSQL Security Release for versions 8.0, 7.4, 7.3, & 7.2

perl も

#33990: setuid perl security issues (guest/guest でログイン)

Date: Mon, 31 Jan 2005 15:55:36 +0000
Who was already planning to start the 5.8.7 release process at the end of February.

とのことですが、「Current Release: 5.8.6」と表示されてますね。

Description: (Description でない部分は略)
In the July 18, 2002 highlights for Perl 5.8.0 there was a 'New IO Implementation' added called PerlIO. The new PerlIO implementation was described as both a portable stdio implementation (at the source code level) and a flexible new framework for richer I/O behaviours.

As an attacker I would definately say that PerlIO has some rich behavior. Two vulnerabilities were located in the PerlIO package that can allow an attacker to take root on a machine that makes use of setuid perl aka sperl. The first vulnerability was outlined in DMA[2005-0131a], details on the second vulnerability will be explained below.

bugtraq MLより