
CVE-2012-0866
Date: (C)2012-07-18   (M)2024-03-21


CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-49272
SECUNIA-49273
DSA-2418
MDVSA-2012:026
MDVSA-2012:027
MDVSA-2012:092
RHSA-2012:0677
RHSA-2012:0678
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.postgresql.org/about/news/1377/
http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
openSUSE-SU-2012:1173

CPE    39
cpe:/a:postgresql:postgresql:8.4.7
cpe:/a:postgresql:postgresql:8.3.14
cpe:/a:postgresql:postgresql:8.4.6
cpe:/a:postgresql:postgresql:8.3.15
...
CWE    1
CWE-264
OVAL    24
oval:org.secpod.oval:def:302874
oval:org.secpod.oval:def:1000363
oval:org.secpod.oval:def:1300018
oval:org.secpod.oval:def:500799
...

© SecPod Technologies