FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6600

This CVE name corresponds to:

Entered: 2008-04-24
Topic: postgresql -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-6600
Phase: Assigned (20071231)

Description

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

References

Source Reference
BUGTRAQ 20080107 PostgreSQL 2007-01-07 Cumulative Security Release
BUGTRAQ 20080115 rPSA-2008-0016-1 postgresql postgresql-server
CONFIRM http://www.postgresql.org/about/news.905
CONFIRM https://issues.rpath.com/browse/RPL-1768
DEBIAN DSA-1460
DEBIAN DSA-1463
FEDORA FEDORA-2008-0478
FEDORA FEDORA-2008-0552
GENTOO GLSA-200801-15
HP HPSBTU02325
HP SSRT080006
MANDRIVA MDVSA-2008:004
REDHAT RHSA-2008:0038
REDHAT RHSA-2008:0039
REDHAT RHSA-2008:0040
SUNALERT 103197
SUNALERT 200559
SUSE SUSE-SA:2008:005
UBUNTU USN-568-1
BID 27163
OVAL oval:org.mitre.oval:def:10493
VUPEN ADV-2008-0061
VUPEN ADV-2008-0109
VUPEN ADV-2008-1071
SECTRACK 1019157
SECUNIA 28359
SECUNIA 28376
SECUNIA 28438
SECUNIA 28445
SECUNIA 28437
SECUNIA 28454
SECUNIA 28464
SECUNIA 28477
SECUNIA 28479
SECUNIA 28455
SECUNIA 28679
SECUNIA 28698
SECUNIA 29638
XF postgresql-indexfunctions-priv-escalation(39496)