CVE-2009-3230

Published: 17/09/2009 Updated: 10/10/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The core server component in PostgreSQL 8.4 prior to 8.4.1, 8.3 prior to 8.3.8, 8.2 prior to 8.2.14, 8.1 prior to 8.1.18, 8.0 prior to 8.0.22, and 7.4 prior to 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

Vulnerable Product

postgresql postgresql 8.4

postgresql postgresql 8.3.6

postgresql postgresql 8.2

postgresql postgresql 8.2.1

postgresql postgresql 8.2.2

postgresql postgresql 8.2.9

postgresql postgresql 8.2.10

postgresql postgresql 8.1.3

postgresql postgresql 8.1.4

postgresql postgresql 8.1.12

postgresql postgresql 8.1.13

postgresql postgresql 8.0.3

postgresql postgresql 8.0.4

postgresql postgresql 8.0.11

postgresql postgresql 8.0.12

postgresql postgresql 8.0.20

postgresql postgresql 8.0.21

postgresql postgresql 7.4.14

postgresql postgresql 7.4.15

postgresql postgresql 7.4.4

postgresql postgresql 7.4.5

postgresql postgresql 7.4.23

postgresql postgresql 7.4.25

postgresql postgresql 8.3.3

postgresql postgresql 8.3.4

postgresql postgresql 8.2.5

postgresql postgresql 8.2.6

postgresql postgresql 8.2.11

postgresql postgresql 8.1

postgresql postgresql 8.1.7

postgresql postgresql 8.1.8

postgresql postgresql 8.1.16

postgresql postgresql 8.0

postgresql postgresql 8.0.7

postgresql postgresql 8.0.8

postgresql postgresql 8.0.15

postgresql postgresql 8.0.16

postgresql postgresql 7.4.10

postgresql postgresql 7.4.11

postgresql postgresql 7.4.18

postgresql postgresql 7.4.2

postgresql postgresql 7.4.8

postgresql postgresql 7.4.19

postgresql postgresql 7.4.20

postgresql postgresql 8.3.1

postgresql postgresql 8.3.2

postgresql postgresql 8.2.3

postgresql postgresql 8.2.4

postgresql postgresql 8.2.13

postgresql postgresql 8.2.12

postgresql postgresql 8.1.5

postgresql postgresql 8.1.6

postgresql postgresql 8.1.14

postgresql postgresql 8.1.15

postgresql postgresql 8.0.5

postgresql postgresql 8.0.6

postgresql postgresql 8.0.13

postgresql postgresql 8.0.14

postgresql postgresql 7.4

postgresql postgresql 7.4.1

postgresql postgresql 7.4.16

postgresql postgresql 7.4.17

postgresql postgresql 7.4.6

postgresql postgresql 7.4.7

postgresql postgresql 7.4.9

postgresql postgresql 8.3.5

postgresql postgresql 8.3.7

postgresql postgresql 8.2.7

postgresql postgresql 8.2.8

postgresql postgresql 8.1.1

postgresql postgresql 8.1.2

postgresql postgresql 8.1.9

postgresql postgresql 8.1.10

postgresql postgresql 8.1.11

postgresql postgresql 8.0.1

postgresql postgresql 8.0.2

postgresql postgresql 8.0.9

postgresql postgresql 8.0.10

postgresql postgresql 8.0.17

postgresql postgresql 8.0.18

postgresql postgresql 8.0.19

postgresql postgresql 7.4.12

postgresql postgresql 7.4.13

postgresql postgresql 7.4.24

postgresql postgresql 7.4.3

postgresql postgresql 7.4.21

postgresql postgresql 7.4.22

Vendor Advisories

It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3229) ...

Several vulnerabilities have been discovered in PostgreSQL, an SQL database system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3229: Authenticated users can shut down the backend server by re-LOAD-ing libraries in $libdir/plugins, if any libraries are present there. (The old stable distribution (etc ...