Published: 09/01/2008 Updated: 15/10/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

PostgreSQL 8.2 prior to 8.2.6, 8.1 prior to 8.1.11, 8.0 prior to 8.0.15, 7.4 prior to 7.4.19, and 7.3 prior to 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql 7.3.13
postgresql postgresql 7.3.14
postgresql postgresql 7.3.8
postgresql postgresql 7.3.9
postgresql postgresql 7.4.14
postgresql postgresql 7.4.16
postgresql postgresql 7.4.7
postgresql postgresql 7.4.8
postgresql postgresql 8.0.4
postgresql postgresql 8.0.5
postgresql postgresql 8.1.5
postgresql postgresql 8.1.7
postgresql postgresql 8.2.5
postgresql postgresql 8.1.10
postgresql postgresql 8.0.14
postgresql postgresql 8.0.0
postgresql postgresql 7.4.18
postgresql postgresql 7.3.1
postgresql postgresql 7.3.10
postgresql postgresql 7.3.19
postgresql postgresql 7.3.2
postgresql postgresql 7.3.3
postgresql postgresql 7.4.10
postgresql postgresql 7.4.11
postgresql postgresql 7.4.3
postgresql postgresql 7.4.4
postgresql postgresql 8.0.11
postgresql postgresql 8.0.13
postgresql postgresql 8.0.9
postgresql postgresql 8.1.1
postgresql postgresql 8.2
postgresql postgresql 8.2.2
postgresql postgresql 8.0.6
postgresql postgresql 8.2.1
postgresql postgresql 7.3.17
postgresql postgresql 7.3.18
postgresql postgresql 7.3
postgresql postgresql 7.3.15
postgresql postgresql 7.3.16
postgresql postgresql 7.4
postgresql postgresql 7.4.1
postgresql postgresql 7.4.17
postgresql postgresql 7.4.2
postgresql postgresql 7.4.9
postgresql postgresql 8.0
postgresql postgresql 8.0.1
postgresql postgresql 8.0.7
postgresql postgresql 8.0.8
postgresql postgresql 8.1.8
postgresql postgresql 8.1.9
postgresql postgresql 8.0.12
postgresql postgresql 8.0.10
postgresql postgresql 7.3.5
postgresql postgresql 7.3.7
postgresql postgresql 7.3.11
postgresql postgresql 7.3.12
postgresql postgresql 7.3.4
postgresql postgresql 7.3.6
postgresql postgresql 7.4.12
postgresql postgresql 7.4.13
postgresql postgresql 7.4.5
postgresql postgresql 7.4.6
postgresql postgresql 8.0.2
postgresql postgresql 8.0.3
postgresql postgresql 8.1.3
postgresql postgresql 8.1.4
postgresql postgresql 8.2.3
postgresql postgresql 8.2.4
postgresql postgresql 8.1.2
postgresql postgresql 8.1.6

It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command A remote authenticated attacker could exploit this to cause a denial of service This issue did not affect Ubuntu 606 LTS (CVE-2009-3229) ...

Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries (CVE-2007-3278, CVE-2007-6601) ...

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation This issue is also tracked as CVE-2007-6601, ...

CVE-2007-6600

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect