Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2009-3230
Last Modified: 21 Aug 2010 01:35:27
Published: 17 Sep 2009 06:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2009-3230

Summary

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

Vulnerable Systems

Application

  • Postgresql 7.4

  • Postgresql 7.4.1

  • Postgresql 7.4.10

  • Postgresql 7.4.11

  • Postgresql 7.4.12

  • Postgresql 7.4.13

  • Postgresql 7.4.14

  • Postgresql 7.4.15

  • Postgresql 7.4.16

  • Postgresql 7.4.17

  • Postgresql 7.4.18

  • Postgresql 7.4.19

  • Postgresql 7.4.2

  • Postgresql 7.4.20

  • Postgresql 7.4.21

  • Postgresql 7.4.22

  • Postgresql 7.4.23

  • Postgresql 7.4.24

  • Postgresql 7.4.25

  • Postgresql 7.4.3

  • Postgresql 7.4.4

  • Postgresql 7.4.5

  • Postgresql 7.4.6

  • Postgresql 7.4.7

  • Postgresql 7.4.8

  • Postgresql 7.4.9

  • Postgresql 8.0

  • Postgresql 8.0.1

  • Postgresql 8.0.10

  • Postgresql 8.0.11

  • Postgresql 8.0.12

  • Postgresql 8.0.13

  • Postgresql 8.0.14

  • Postgresql 8.0.15

  • Postgresql 8.0.16

  • Postgresql 8.0.17

  • Postgresql 8.0.18

  • Postgresql 8.0.19

  • Postgresql 8.0.2

  • Postgresql 8.0.20

  • Postgresql 8.0.21

  • Postgresql 8.0.3

  • Postgresql 8.0.4

  • Postgresql 8.0.5

  • Postgresql 8.0.6

  • Postgresql 8.0.7

  • Postgresql 8.0.8

  • Postgresql 8.0.9

  • Postgresql 8.1

  • Postgresql 8.1.1

  • Postgresql 8.1.10

  • Postgresql 8.1.11

  • Postgresql 8.1.12

  • Postgresql 8.1.13

  • Postgresql 8.1.14

  • Postgresql 8.1.15

  • Postgresql 8.1.16

  • Postgresql 8.1.2

  • Postgresql 8.1.3

  • Postgresql 8.1.4

  • Postgresql 8.1.5

  • Postgresql 8.1.6

  • Postgresql 8.1.7

  • Postgresql 8.1.8

  • Postgresql 8.1.9

  • Postgresql 8.2

  • Postgresql 8.2.1

  • Postgresql 8.2.10

  • Postgresql 8.2.11

  • Postgresql 8.2.12

  • Postgresql 8.2.13

  • Postgresql 8.2.2

  • Postgresql 8.2.3

  • Postgresql 8.2.4

  • Postgresql 8.2.5

  • Postgresql 8.2.6

  • Postgresql 8.2.7

  • Postgresql 8.2.8

  • Postgresql 8.2.9

  • Postgresql 8.3.1

  • Postgresql 8.3.2

  • Postgresql 8.3.3

  • Postgresql 8.3.4

  • Postgresql 8.3.5

  • Postgresql 8.3.6

  • Postgresql 8.3.7

  • Postgresql 8.4


References

FEDORA - FEDORA-2009-9474

FEDORA - FEDORA-2009-9473

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=522085

VUPEN - ADV-2009-2602

DEBIAN - DSA-1900

UBUNTU - USN-834-1

BID - 36314

BUGTRAQ - 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server

CONFIRM - http://www.postgresql.org/support/security.html

CONFIRM - http://www.postgresql.org/docs/8.3/static/release-8-3-8.html

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012

SUNALERT - 270408

SECUNIA - 36837

SECUNIA - 36800

SECUNIA - 36727

SECUNIA - 36695

SECUNIA - 36660

SUSE - SUSE-SR:2009:017

SUSE - SUSE-SR:2009:016

MLIST - [pgsql-www] 20090909 Re: Incorrect CVE reference on security page


Last Updated: 27 May 2016 10:51:10