CVE-2007-6600 Information

Description

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
http://secunia.com/advisories/28359
http://secunia.com/advisories/28376
http://secunia.com/advisories/28437
http://secunia.com/advisories/28438
http://secunia.com/advisories/28445
http://secunia.com/advisories/28454
http://secunia.com/advisories/28455
http://secunia.com/advisories/28464
http://secunia.com/advisories/28477
http://secunia.com/advisories/28479
http://secunia.com/advisories/28679
http://secunia.com/advisories/28698
http://secunia.com/advisories/29638
http://security.gentoo.org/glsa/glsa-200801-15.xml
http://securitytracker.com/id?1019157
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
http://www.debian.org/security/2008/dsa-1460
http://www.debian.org/security/2008/dsa-1463
http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
http://www.postgresql.org/about/news.905
http://www.redhat.com/support/errata/RHSA-2008-0038.html
http://www.redhat.com/support/errata/RHSA-2008-0039.html
http://www.redhat.com/support/errata/RHSA-2008-0040.html
http://www.securityfocus.com/archive/1/485864/100/0/threaded
http://www.securityfocus.com/archive/1/486407/100/0/threaded
http://www.securityfocus.com/bid/27163
http://www.vupen.com/english/advisories/2008/0061
http://www.vupen.com/english/advisories/2008/0109
http://www.vupen.com/english/advisories/2008/1071/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39496
https://issues.rpath.com/browse/RPL-1768
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10493
https://usn.ubuntu.com/568-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
