CVE-2007-6600

Sažetak

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28359
http://secunia.com/advisories/28376
http://secunia.com/advisories/28437
http://secunia.com/advisories/28438
http://secunia.com/advisories/28445
http://secunia.com/advisories/28454
http://secunia.com/advisories/28455
http://secunia.com/advisories/28464
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28679
http://secunia.com/advisories/28698
http://secunia.com/advisories/29638
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://securitytracker.com/id?1019157
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.postgresql.org/about/news.905
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0039.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.securityfocus.com/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/bid/27163
http://www.vupen.com/english/advisories/2008/0061
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1071/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39496
https://issues.rpath.com/browse/RPL-1768
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493
https://usn.ubuntu.com/568-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-10-2018 - 21:55

Objavljeno

09-01-2008 - 21:46