
CVE-2007-6600
Date: (C)2008-01-09   (M)2024-02-22


PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1019157
SUNALERT-103197
SUNALERT-200559
http://www.securityfocus.com/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
BID-27163
SECUNIA-28359
SECUNIA-28376
SECUNIA-28437
SECUNIA-28438
SECUNIA-28445
SECUNIA-28454
SECUNIA-28455
SECUNIA-28464
SECUNIA-28477
SECUNIA-28479
SECUNIA-28679
SECUNIA-28698
SECUNIA-29638
ADV-2008-0061
ADV-2008-0109
ADV-2008-1071
DSA-1460
DSA-1463
FEDORA-2008-0478
FEDORA-2008-0552
GLSA-200801-15
MDVSA-2008:004
RHSA-2008:0038
RHSA-2008:0039
RHSA-2008:0040
SSRT080006
SUSE-SA:2008:005
USN-568-1
http://www.postgresql.org/about/news.905
https://issues.rpath.com/browse/RPL-1768
oval:org.mitre.oval:def:10493
postgresql-indexfunctions-priv-escalation(39496)

CPE    50
cpe:/a:postgresql:postgresql:7.4.10
cpe:/a:postgresql:postgresql:7.4.11
cpe:/a:postgresql:postgresql:7.4.9
cpe:/a:postgresql:postgresql:7.4.8
...
CWE    1
CWE-264
OVAL    14
oval:org.secpod.oval:def:500676
oval:org.secpod.oval:def:101697
oval:org.secpod.oval:def:200335
oval:org.secpod.oval:def:200258
...

© SecPod Technologies