CVE-2014-0060 Information

Description

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

Reference

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html
http://rhn.redhat.com/errata/RHSA-2014-0211.html
http://rhn.redhat.com/errata/RHSA-2014-0221.html
http://rhn.redhat.com/errata/RHSA-2014-0249.html
http://rhn.redhat.com/errata/RHSA-2014-0469.html
http://secunia.com/advisories/61307
http://support.apple.com/kb/HT6448
http://wiki.postgresql.org/wiki/20140220securityrelease
http://www.debian.org/security/2014/dsa-2864
http://www.debian.org/security/2014/dsa-2865
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.postgresql.org/about/news/1506/
http://www.ubuntu.com/usn/USN-2120-1
https://puppet.com/security/cve/cve-2014-0060
https://support.apple.com/kb/HT6536