CVE - CVE-2007-6600

CVE-ID
CVE-2007-6600	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:27163 URL:http://www.securityfocus.com/bid/27163 BUGTRAQ:20080107 PostgreSQL 2007-01-07 Cumulative Security Release URL:http://www.securityfocus.com/archive/1/485864/100/0/threaded BUGTRAQ:20080115 rPSA-2008-0016-1 postgresql postgresql-server URL:http://www.securityfocus.com/archive/1/486407/100/0/threaded CONFIRM:http://www.postgresql.org/about/news.905 CONFIRM:https://issues.rpath.com/browse/RPL-1768 DEBIAN:DSA-1460 URL:http://www.debian.org/security/2008/dsa-1460 DEBIAN:DSA-1463 URL:http://www.debian.org/security/2008/dsa-1463 FEDORA:FEDORA-2008-0478 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html FEDORA:FEDORA-2008-0552 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html GENTOO:GLSA-200801-15 URL:http://security.gentoo.org/glsa/glsa-200801-15.xml HP:HPSBTU02325 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 HP:SSRT080006 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 MANDRIVA:MDVSA-2008:004 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:004~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10493 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493 REDHAT:RHSA-2008:0038 URL:http://www.redhat.com/support/errata/RHSA-2008-0038.html REDHAT:RHSA-2008:0039 URL:http://www.redhat.com/support/errata/RHSA-2008-0039.html REDHAT:RHSA-2008:0040 URL:http://www.redhat.com/support/errata/RHSA-2008-0040.html SECTRACK:1019157 URL:http://securitytracker.com/id?1019157 SECUNIA:28359 URL:http://secunia.com/advisories/28359 SECUNIA:28376 URL:http://secunia.com/advisories/28376 SECUNIA:28437 URL:http://secunia.com/advisories/28437 SECUNIA:28438 URL:http://secunia.com/advisories/28438 SECUNIA:28445 URL:http://secunia.com/advisories/28445 SECUNIA:28454 URL:http://secunia.com/advisories/28454 SECUNIA:28455 URL:http://secunia.com/advisories/28455 SECUNIA:28464 URL:http://secunia.com/advisories/28464 SECUNIA:28477 URL:http://secunia.com/advisories/28477 SECUNIA:28479 URL:http://secunia.com/advisories/28479 SECUNIA:28679 URL:http://secunia.com/advisories/28679 SECUNIA:28698 URL:http://secunia.com/advisories/28698 SECUNIA:29638 URL:http://secunia.com/advisories/29638 SUNALERT:103197 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1~~ (Obsolete source) SUNALERT:200559 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1~~ (Obsolete source) SUSE:SUSE-SA:2008:005 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html UBUNTU:USN-568-1 URL:https://usn.ubuntu.com/568-1/ VUPEN:ADV-2008-0061 URL:~~http://www.vupen.com/english/advisories/2008/0061~~ (Obsolete source) VUPEN:ADV-2008-0109 URL:~~http://www.vupen.com/english/advisories/2008/0109~~ (Obsolete source) VUPEN:ADV-2008-1071 URL:~~http://www.vupen.com/english/advisories/2008/1071/references~~ (Obsolete source) XF:postgresql-indexfunctions-priv-escalation(39496) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39496
Assigning CNA
MITRE Corporation
Date Record Created
20071231	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071231)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)