CVE - CVE-2007-6600

CVE-ID
CVE-2007-6600	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080107 PostgreSQL 2007-01-07 Cumulative Security Release URL:http://www.securityfocus.com/archive/1/485864/100/0/threaded BUGTRAQ:20080115 rPSA-2008-0016-1 postgresql postgresql-server URL:http://www.securityfocus.com/archive/1/486407/100/0/threaded CONFIRM:http://www.postgresql.org/about/news.905 CONFIRM:https://issues.rpath.com/browse/RPL-1768 DEBIAN:DSA-1460 URL:http://www.debian.org/security/2008/dsa-1460 DEBIAN:DSA-1463 URL:http://www.debian.org/security/2008/dsa-1463 FEDORA:FEDORA-2008-0478 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html FEDORA:FEDORA-2008-0552 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html GENTOO:GLSA-200801-15 URL:http://security.gentoo.org/glsa/glsa-200801-15.xml HP:HPSBTU02325 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 HP:SSRT080006 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 MANDRIVA:MDVSA-2008:004 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 REDHAT:RHSA-2008:0038 URL:http://www.redhat.com/support/errata/RHSA-2008-0038.html REDHAT:RHSA-2008:0039 URL:http://www.redhat.com/support/errata/RHSA-2008-0039.html REDHAT:RHSA-2008:0040 URL:http://www.redhat.com/support/errata/RHSA-2008-0040.html SUNALERT:103197 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 SUNALERT:200559 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 SUSE:SUSE-SA:2008:005 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html UBUNTU:USN-568-1 URL:https://usn.ubuntu.com/568-1/ BID:27163 URL:http://www.securityfocus.com/bid/27163 OVAL:oval:org.mitre.oval:def:10493 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493 VUPEN:ADV-2008-0061 URL:http://www.vupen.com/english/advisories/2008/0061 VUPEN:ADV-2008-0109 URL:http://www.vupen.com/english/advisories/2008/0109 VUPEN:ADV-2008-1071 URL:http://www.vupen.com/english/advisories/2008/1071/references SECTRACK:1019157 URL:http://securitytracker.com/id?1019157 SECUNIA:28359 URL:http://secunia.com/advisories/28359 SECUNIA:28376 URL:http://secunia.com/advisories/28376 SECUNIA:28438 URL:http://secunia.com/advisories/28438 SECUNIA:28445 URL:http://secunia.com/advisories/28445 SECUNIA:28437 URL:http://secunia.com/advisories/28437 SECUNIA:28454 URL:http://secunia.com/advisories/28454 SECUNIA:28464 URL:http://secunia.com/advisories/28464 SECUNIA:28477 URL:http://secunia.com/advisories/28477 SECUNIA:28479 URL:http://secunia.com/advisories/28479 SECUNIA:28455 URL:http://secunia.com/advisories/28455 SECUNIA:28679 URL:http://secunia.com/advisories/28679 SECUNIA:28698 URL:http://secunia.com/advisories/28698 SECUNIA:29638 URL:http://secunia.com/advisories/29638 XF:postgresql-indexfunctions-priv-escalation(39496) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39496
Assigning CNA
N/A
Date Entry Created
20071231	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071231)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.