Lucene search

[email protected]NVD:CVE-2014-0060

HistoryMar 31, 2014 - 2:58 p.m.

CVE-2014-0060

2014-03-3114:58:08

CWE-264

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.

Affected configurations

NVD

Node

postgresqlpostgresqlRange≤8.4.19

postgresqlpostgresqlMatch8.4.1

postgresqlpostgresqlMatch8.4.2

postgresqlpostgresqlMatch8.4.3

postgresqlpostgresqlMatch8.4.4

postgresqlpostgresqlMatch8.4.5

postgresqlpostgresqlMatch8.4.6

postgresqlpostgresqlMatch8.4.7

postgresqlpostgresqlMatch8.4.8

postgresqlpostgresqlMatch8.4.9

postgresqlpostgresqlMatch8.4.10

postgresqlpostgresqlMatch8.4.11

postgresqlpostgresqlMatch8.4.12

postgresqlpostgresqlMatch8.4.13

postgresqlpostgresqlMatch8.4.14

postgresqlpostgresqlMatch8.4.15

postgresqlpostgresqlMatch8.4.16

postgresqlpostgresqlMatch8.4.17

postgresqlpostgresqlMatch8.4.18

postgresqlpostgresqlMatch9.0

postgresqlpostgresqlMatch9.0.1

postgresqlpostgresqlMatch9.0.2

postgresqlpostgresqlMatch9.0.3

postgresqlpostgresqlMatch9.0.4

postgresqlpostgresqlMatch9.0.5

postgresqlpostgresqlMatch9.0.6

postgresqlpostgresqlMatch9.0.7

postgresqlpostgresqlMatch9.0.8

postgresqlpostgresqlMatch9.0.9

postgresqlpostgresqlMatch9.0.10

postgresqlpostgresqlMatch9.0.11

postgresqlpostgresqlMatch9.0.12

postgresqlpostgresqlMatch9.0.13

postgresqlpostgresqlMatch9.0.14

postgresqlpostgresqlMatch9.0.15

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

postgresqlpostgresqlMatch9.1.3

postgresqlpostgresqlMatch9.1.4

postgresqlpostgresqlMatch9.1.5

postgresqlpostgresqlMatch9.1.6

postgresqlpostgresqlMatch9.1.7

postgresqlpostgresqlMatch9.1.8

postgresqlpostgresqlMatch9.1.9

postgresqlpostgresqlMatch9.1.10

postgresqlpostgresqlMatch9.1.11

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

postgresqlpostgresqlMatch9.2.4

postgresqlpostgresqlMatch9.2.5

postgresqlpostgresqlMatch9.2.6

postgresqlpostgresqlMatch9.3

postgresqlpostgresqlMatch9.3.1

postgresqlpostgresqlMatch9.3.2

References

archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-updates/2014-03/msg00018.html

lists.opensuse.org/opensuse-updates/2014-03/msg00038.html

rhn.redhat.com/errata/RHSA-2014-0211.html

rhn.redhat.com/errata/RHSA-2014-0221.html

rhn.redhat.com/errata/RHSA-2014-0249.html

rhn.redhat.com/errata/RHSA-2014-0469.html

secunia.com/advisories/61307

support.apple.com/kb/HT6448

wiki.postgresql.org/wiki/20140220securityrelease

www.debian.org/security/2014/dsa-2864

www.debian.org/security/2014/dsa-2865

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.postgresql.org/about/news/1506/

www.ubuntu.com/usn/USN-2120-1

puppet.com/security/cve/cve-2014-0060

support.apple.com/kb/HT6536

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for NVD:CVE-2014-0060

cve1 ubuntucve1 prion1 seebug2 postgresql1 checkpoint_advisories1 veracode4 cvelist1 nessus25 openvas26 centos3 amazon2 redhat4 oraclelinux2 kaspersky1 securityvulns6 ubuntu1 debian2 osv2 mageia2 freebsd1 gentoo1 oracle1