Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.5
CVE Id: CVE-2012-0866
Last Modified: 03 Jan 2013 11:36:03
Published: 18 Jul 2012 07:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-0866

Summary

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

Vulnerable Systems

Application

  • PostgreSQL 8.3
  • PostgreSQL 8.3.1
  • PostgreSQL 8.3.10
  • PostgreSQL 8.3.11
  • PostgreSQL 8.3.12
  • PostgreSQL 8.3.13
  • PostgreSQL 8.3.14
  • PostgreSQL 8.3.15
  • PostgreSQL 8.3.16
  • PostgreSQL 8.3.17
  • PostgreSQL 8.3.2
  • PostgreSQL 8.3.3
  • PostgreSQL 8.3.4
  • PostgreSQL 8.3.5
  • PostgreSQL 8.3.6
  • PostgreSQL 8.3.7
  • PostgreSQL 8.3.8
  • PostgreSQL 8.3.9
  • PostgreSQL 8.4
  • PostgreSQL 8.4.1
  • PostgreSQL 8.4.10
  • PostgreSQL 8.4.2
  • PostgreSQL 8.4.3
  • PostgreSQL 8.4.4
  • PostgreSQL 8.4.5
  • PostgreSQL 8.4.6
  • PostgreSQL 8.4.7
  • PostgreSQL 8.4.8
  • PostgreSQL 8.4.9
  • PostgreSQL 9.0
  • PostgreSQL 9.0.1
  • PostgreSQL 9.0.2
  • PostgreSQL 9.0.3
  • PostgreSQL 9.0.4
  • PostgreSQL 9.0.5
  • PostgreSQL 9.0.6
  • PostgreSQL 9.1
  • PostgreSQL 9.1.1
  • PostgreSQL 9.1.2


References

CONFIRM - http://www.postgresql.org/docs/9.1/static/release-9-1-3.html

CONFIRM - http://www.postgresql.org/docs/9.0/static/release-9-0-7.html

CONFIRM - http://www.postgresql.org/docs/8.4/static/release-8-4-11.html

CONFIRM - http://www.postgresql.org/docs/8.3/static/release-8-3-18.html

CONFIRM - http://www.postgresql.org/about/news/1377/

MANDRIVA - MDVSA-2012:092

MANDRIVA - MDVSA-2012:027

MANDRIVA - MDVSA-2012:026

DEBIAN - DSA-2418

REDHAT - RHSA-2012:0678

REDHAT - RHSA-2012:0677

SUSE - openSUSE-SU-2012:1173

SECUNIA - 49273

SECUNIA - 49272

Related Patches

Red Hat 2012:0677-01 RHSA Moderate: postgresql security update for RHEL 5 x86

Red Hat 2012:0678-01 RHSA Moderate: postgresql and postgresql84 security update for RHEL 5 x86

Novell SUSE 2012:6023 postgresql security update for SLE 11 SP1 i586

Novell SUSE 2012:6023 postgresql security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8071 postgresql security update for SLE 10 SP4 i586

Novell SUSE 2012:8071 postgresql security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:54:55