CVE-2010-1975

PostgreSQL 7.4-8.4 - Authenticated Privilege Escalation via RESET ALL in ALTER USER or ALTER DATABASE

Title source: llm
STIX 2.1

Description

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

References (15)

Core 15
Core References
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134124585221119&w=2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2051
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1221
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1207
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40304
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39939

Scores

EPSS 0.0028
EPSS Percentile 51.2%

Details

CWE
CWE-264
Status published
Products (50)
postgresql/postgresql 7.4
postgresql/postgresql 7.4.1
postgresql/postgresql 7.4.2
postgresql/postgresql 7.4.3
postgresql/postgresql 7.4.4
postgresql/postgresql 7.4.5
postgresql/postgresql 7.4.6
postgresql/postgresql 7.4.7
postgresql/postgresql 7.4.8
postgresql/postgresql 7.4.9
... and 40 more
Published May 19, 2010
Tracked Since Feb 18, 2026