Lucene search

[email protected]CVE-2014-0067

HistoryMar 31, 2014 - 2:58 p.m.

CVE-2014-0067

2014-03-3114:58:15

CWE-264

[email protected]

web.nvd.nist.gov

129

cve

postgresql

security

authentication

privileges

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The “make check” command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

Affected configurations

NVD

Node

applemac_os_xMatch10.10.4

applemac_os_x_serverMatch5.0.3

Node

postgresqlpostgresqlRange≤8.4.19

postgresqlpostgresqlMatch8.4.1

postgresqlpostgresqlMatch8.4.2

postgresqlpostgresqlMatch8.4.3

postgresqlpostgresqlMatch8.4.4

postgresqlpostgresqlMatch8.4.5

postgresqlpostgresqlMatch8.4.6

postgresqlpostgresqlMatch8.4.7

postgresqlpostgresqlMatch8.4.8

postgresqlpostgresqlMatch8.4.9

postgresqlpostgresqlMatch8.4.10

postgresqlpostgresqlMatch8.4.11

postgresqlpostgresqlMatch8.4.12

postgresqlpostgresqlMatch8.4.13

postgresqlpostgresqlMatch8.4.14

postgresqlpostgresqlMatch8.4.15

postgresqlpostgresqlMatch8.4.16

postgresqlpostgresqlMatch8.4.17

postgresqlpostgresqlMatch8.4.18

postgresqlpostgresqlMatch9.0

postgresqlpostgresqlMatch9.0.1

postgresqlpostgresqlMatch9.0.2

postgresqlpostgresqlMatch9.0.3

postgresqlpostgresqlMatch9.0.4

postgresqlpostgresqlMatch9.0.5

postgresqlpostgresqlMatch9.0.6

postgresqlpostgresqlMatch9.0.7

postgresqlpostgresqlMatch9.0.8

postgresqlpostgresqlMatch9.0.9

postgresqlpostgresqlMatch9.0.10

postgresqlpostgresqlMatch9.0.11

postgresqlpostgresqlMatch9.0.12

postgresqlpostgresqlMatch9.0.13

postgresqlpostgresqlMatch9.0.14

postgresqlpostgresqlMatch9.0.15

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

postgresqlpostgresqlMatch9.1.3

postgresqlpostgresqlMatch9.1.4

postgresqlpostgresqlMatch9.1.5

postgresqlpostgresqlMatch9.1.6

postgresqlpostgresqlMatch9.1.7

postgresqlpostgresqlMatch9.1.8

postgresqlpostgresqlMatch9.1.9

postgresqlpostgresqlMatch9.1.10

postgresqlpostgresqlMatch9.1.11

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

postgresqlpostgresqlMatch9.2.4

postgresqlpostgresqlMatch9.2.5

postgresqlpostgresqlMatch9.2.6

postgresqlpostgresqlMatch9.3

postgresqlpostgresqlMatch9.3.1

postgresqlpostgresqlMatch9.3.2

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.10.4
apple:mac_os_x_serverapple mac os x servereq5.0.3

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.10.4
apple:mac_os_x_server	apple mac os x server	eq	5.0.3

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

wiki.postgresql.org/wiki/20140220securityrelease

www.debian.org/security/2014/dsa-2864

www.debian.org/security/2014/dsa-2865

www.postgresql.org/about/news/1506/

www.securityfocus.com/bid/65721

support.apple.com/HT205219

support.apple.com/kb/HT205031

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-0067

ubuntucve1 prion1 nvd1 openvas10 postgresql1 debian3 nessus17 seebug1 osv3 cvelist1 amazon1 mageia2 freebsd1 securityvulns3