Published: 18/07/2012 Updated: 08/12/2016

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

CREATE TRIGGER in PostgreSQL 8.3.x prior to 8.3.18, 8.4.x prior to 8.4.11, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postgresql postgresql 8.3.7
postgresql postgresql 8.3.5
postgresql postgresql 8.3.16
postgresql postgresql 8.3.15
postgresql postgresql 8.3.13
postgresql postgresql 8.3.6
postgresql postgresql 8.3.3
postgresql postgresql 8.3
postgresql postgresql 8.3.11
postgresql postgresql 8.3.8
postgresql postgresql 8.3.2
postgresql postgresql 8.3.1
postgresql postgresql 8.3.4
postgresql postgresql 8.3.14
postgresql postgresql 8.3.10
postgresql postgresql 8.3.9
postgresql postgresql 8.3.12
postgresql postgresql 8.3.17
postgresql postgresql 8.4.2
postgresql postgresql 8.4.3
postgresql postgresql 8.4.5
postgresql postgresql 8.4.1
postgresql postgresql 8.4.8
postgresql postgresql 8.4.9
postgresql postgresql 8.4.4
postgresql postgresql 8.4.7
postgresql postgresql 8.4.6
postgresql postgresql 8.4
postgresql postgresql 8.4.10
postgresql postgresql 9.0
postgresql postgresql 9.0.1
postgresql postgresql 9.0.5
postgresql postgresql 9.0.6
postgresql postgresql 9.0.2
postgresql postgresql 9.0.3
postgresql postgresql 9.0.4
postgresql postgresql 9.1.1
postgresql postgresql 9.1.2
postgresql postgresql 9.1

Several security issues were fixed in PostgreSQL ...

Synopsis Moderate: postgresql security update Type/Severity Security Advisory: Moderate Topic Updated postgresql packages that fix two security issues are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerabil ...

Synopsis Moderate: postgresql and postgresql84 security update Type/Severity Security Advisory: Moderate Topic Updated postgresql84 and postgresql packages that fix three security issuesare now available for Red Hat Enterprise Linux 5 and 6 respectivelyThe Red Hat Security Response Team has rated this upda ...

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-0866 It was discovered that the permissions of a function called by a trigger are not checked This could result in privilege escalation CVE-2012-08 ...

The pg_dump utility inserted object names literally into comments in the SQL script it produces An unprivileged database user could create an object whose name includes a newline followed by an SQL command This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation (CVE-2012 ...

CWE-264 http://rhn.redhat.com/errata/RHSA-2012-0678.html http://www.postgresql.org/about/news/1377/http://www.mandriva.com/security/advisories?name=MDVSA-2012:027 http://www.postgresql.org/docs/8.3/static/release-8-3-18.html http://rhn.redhat.com/errata/RHSA-2012-0677.html http://www.postgresql.org/docs/9.0/static/release-9-0-7.html http://www.postgresql.org/docs/9.1/static/release-9-1-3.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:026 http://www.postgresql.org/docs/8.4/static/release-8-4-11.html http://www.debian.org/security/2012/dsa-2418 http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html http://secunia.com/advisories/49272 http://secunia.com/advisories/49273 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://usn.ubuntu.com/1378-1/https://nvd.nist.gov

CVE-2012-0866

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect