Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0244

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2005-0244
Last Modified 21 Aug 2010 12:25:43
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2005-0244

Summary

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.

Vulnerable Systems

Application

  • Postgresql 7.2

  • Postgresql 7.2.1

  • Postgresql 7.2.2

  • Postgresql 7.2.3

  • Postgresql 7.2.4

  • Postgresql 7.2.5

  • Postgresql 7.2.6

  • Postgresql 7.2.7

  • Postgresql 7.3

  • Postgresql 7.3.1

  • Postgresql 7.3.2

  • Postgresql 7.3.3

  • Postgresql 7.3.4

  • Postgresql 7.3.5

  • Postgresql 7.3.6

  • Postgresql 7.3.7

  • Postgresql 7.3.8

  • Postgresql 7.3.9

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.2

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 8.0.0


References

XF - postgresql-security-bypass(19184)

REDHAT - RHSA-2005:138

SECUNIA - 12948

BUGTRAQ - 20050210 [USN-79-1] PostgreSQL vulnerabilities

BID - 12417

SUSE - SUSE-SA:2005:036

MANDRAKE - MDKSA-2005:040

MLIST - [pgsql-hackers] 20050127 Permissions on aggregate component functions


Last Updated: 27 May 2016 10:39:44