Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0553

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2006-0553
Last Modified 07 Mar 2011 09:30:17
Published 14 Feb 2006 02:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-0553

Summary

PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.

Vulnerable Systems

Application

  • Postgresql 8.1.0

  • Postgresql 8.1.1

  • Postgresql 8.1.2


References

CERT-VN - VU#567452

SECUNIA - 18890

XF - postgresql-setrole-privilege-elevation(24718)

VUPEN - ADV-2006-0605

BID - 16649

BUGTRAQ - 20060215 PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14

CONFIRM - http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3

OPENPKG - OpenPKG-SA-2006.004

SECTRACK - 1015636

MLIST - [pgsql-announce] 20060214 Minor Releases 7.3 thru 8.1 Available to Fix Security Issue


Last Updated: 27 May 2016 10:41:42