CVE-2007-6600

PostgreSQL <8.2.6-7.3.21 - Privilege Escalation

Title source: llm

Description

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

References (38)

Core 38

Core References

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:004

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1460

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28445

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27163

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1768

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0038.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28454

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/485864/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28359

Patch, Vendor Advisory x_refsource_confirm

http://www.postgresql.org/about/news.905

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0061

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28679

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0109

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28376

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28437

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28455

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28477

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29638

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28479

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1463

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0040.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/486407/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28464

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28698

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/568-1/

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39496

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28438

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1019157

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0039.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200801-15.xml

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1071/references

Scores

EPSS 0.0081

EPSS Percentile 74.4%

Details

CWE

CWE-264

Status published

Products (50)

postgresql/postgresql 7.3

postgresql/postgresql 7.3.1

postgresql/postgresql 7.3.2

postgresql/postgresql 7.3.3

postgresql/postgresql 7.3.4

postgresql/postgresql 7.3.5

postgresql/postgresql 7.3.6

postgresql/postgresql 7.3.7

postgresql/postgresql 7.3.8

postgresql/postgresql 7.3.9

... and 40 more

Published Jan 09, 2008

Tracked Since Feb 18, 2026