CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
References
Link Resource
http://www.postgresql.org/about/news.905 Patch Vendor Advisory
http://www.securityfocus.com/bid/27163 Patch
http://securitytracker.com/id?1019157
http://secunia.com/advisories/28359 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
https://issues.rpath.com/browse/RPL-1768
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0039.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://secunia.com/advisories/28376 Vendor Advisory
http://secunia.com/advisories/28438 Vendor Advisory
http://secunia.com/advisories/28445 Vendor Advisory
http://secunia.com/advisories/28437 Vendor Advisory
http://secunia.com/advisories/28454 Vendor Advisory
http://secunia.com/advisories/28464 Vendor Advisory
http://secunia.com/advisories/28477 Vendor Advisory
http://secunia.com/advisories/28479 Vendor Advisory
http://secunia.com/advisories/28455 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://secunia.com/advisories/28679 Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28698 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://secunia.com/advisories/29638 Vendor Advisory
http://www.vupen.com/english/advisories/2008/1071/references
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/0061
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
https://exchange.xforce.ibmcloud.com/vulnerabilities/39496
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493
https://usn.ubuntu.com/568-1/
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/archive/1/485864/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*

Information

Published : 2008-01-09 09:46

Updated : 2018-10-15 09:55


NVD link : CVE-2007-6600

Mitre link : CVE-2007-6600

Products Affected
No products.
CWE