CVE-2014-0062
PostgreSQL < 8.4.19 - Authenticated Race Condition via CREATE INDEX or ALTER TABLE
Title source: llmDescription
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
References (18)
Core 18
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0211.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0221.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0469.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0249.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT6448
Third Party Advisory vendor-advisory
x_refsource_apple
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
Vendor Advisory x_refsource_confirm
http://wiki.postgresql.org/wiki/20140220securityrelease
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65727
Vendor Advisory x_refsource_confirm
http://www.postgresql.org/about/news/1506/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2120-1
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT6536
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61307
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2864
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2865
Scores
EPSS
0.0038
EPSS Percentile
59.7%
Details
CWE
CWE-362
Status
published
Products (50)
postgresql/postgresql
8.4.1
postgresql/postgresql
8.4.2
postgresql/postgresql
8.4.3
postgresql/postgresql
8.4.4
postgresql/postgresql
8.4.5
postgresql/postgresql
8.4.6
postgresql/postgresql
8.4.7
postgresql/postgresql
8.4.8
postgresql/postgresql
8.4.9
postgresql/postgresql
8.4.10
... and 40 more
Published
Mar 31, 2014
Tracked Since
Feb 18, 2026