Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6600

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2007-6600
Last Modified 07 Mar 2011 10:03:16
Published 09 Jan 2008 04:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-6600

Summary

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Vulnerable Systems

Application

  • Postgresql 7.3

  • Postgresql 7.3.1

  • Postgresql 7.3.10

  • Postgresql 7.3.11

  • Postgresql 7.3.12

  • Postgresql 7.3.13

  • Postgresql 7.3.14

  • Postgresql 7.3.15

  • Postgresql 7.3.16

  • Postgresql 7.3.17

  • Postgresql 7.3.18

  • Postgresql 7.3.19

  • Postgresql 7.3.2

  • Postgresql 7.3.3

  • Postgresql 7.3.4

  • Postgresql 7.3.5

  • Postgresql 7.3.6

  • Postgresql 7.3.7

  • Postgresql 7.3.8

  • Postgresql 7.3.9

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.10

  • Postgresql 7.4.11

  • Postgresql 7.4.12

  • Postgresql 7.4.13

  • Postgresql 7.4.14

  • Postgresql 7.4.16

  • Postgresql 7.4.17

  • Postgresql 7.4.18

  • Postgresql 7.4.2

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 7.4.8

  • Postgresql 7.4.9

  • Postgresql 8.0

  • Postgresql 8.0.0

  • Postgresql 8.0.1

  • Postgresql 8.0.10

  • Postgresql 8.0.11

  • Postgresql 8.0.12

  • Postgresql 8.0.13

  • Postgresql 8.0.14

  • Postgresql 8.0.2

  • Postgresql 8.0.3

  • Postgresql 8.0.4

  • Postgresql 8.0.5

  • Postgresql 8.0.6

  • Postgresql 8.0.7

  • Postgresql 8.0.8

  • Postgresql 8.0.9

  • Postgresql 8.1.1

  • Postgresql 8.1.10

  • Postgresql 8.1.2

  • Postgresql 8.1.3

  • Postgresql 8.1.4

  • Postgresql 8.1.5

  • Postgresql 8.1.6

  • Postgresql 8.1.7

  • Postgresql 8.1.8

  • Postgresql 8.1.9

  • Postgresql 8.2

  • Postgresql 8.2.1

  • Postgresql 8.2.2

  • Postgresql 8.2.3

  • Postgresql 8.2.4

  • Postgresql 8.2.5


References

BID - 27163

CONFIRM - http://www.postgresql.org/about/news.905

FEDORA - FEDORA-2008-0552

FEDORA - FEDORA-2008-0478

CONFIRM - https://issues.rpath.com/browse/RPL-1768

XF - postgresql-indexfunctions-priv-escalation(39496)

VUPEN - ADV-2008-1071

VUPEN - ADV-2008-0109

VUPEN - ADV-2008-0061

UBUNTU - USN-568-1

BUGTRAQ - 20080115 rPSA-2008-0016-1 postgresql postgresql-server

BUGTRAQ - 20080107 PostgreSQL 2007-01-07 Cumulative Security Release

REDHAT - RHSA-2008:0040

REDHAT - RHSA-2008:0039

REDHAT - RHSA-2008:0038

MANDRIVA - MDVSA-2008:004

DEBIAN - DSA-1463

DEBIAN - DSA-1460

SUNALERT - 200559

SUNALERT - 103197

SECTRACK - 1019157

GENTOO - GLSA-200801-15

SECUNIA - 29638

SECUNIA - 28698

SECUNIA - 28679

SECUNIA - 28479

SECUNIA - 28477

SECUNIA - 28464

SECUNIA - 28455

SECUNIA - 28454

SECUNIA - 28445

SECUNIA - 28438

SECUNIA - 28437

SECUNIA - 28376

SECUNIA - 28359

SUSE - SUSE-SA:2008:005

HP - HPSBTU02325

HP - SSRT080006

Related Patches

Novell SUSE 2008:4962 postgresql security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 11:02:31