Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (below).

CPENameOperatorVersion
postgresqllt8.0.23
postgresqllt8.2.15
postgresqllt8.1.19
postgresqllt8.3.9
postgresqllt7.4.27
postgresqllt8.4.2

Name	Operator	Version
postgresql	lt	8.0.23
postgresql	lt	8.2.15
postgresql	lt	8.1.19
postgresql	lt	8.3.9
postgresql	lt	7.4.27
postgresql	lt	8.4.2

References

/support/security/CVE-2009-4136/

seebug 3

veracode 1

nessus 27

fedora 2

osv 1

openvas 25

debian 1

securityvulns 2

ubuntu 1

prion 1

cvelist 1

nvd 1

ubuntucve 1

cve 1

freebsd 1

oraclelinux 3

redhat 3

centos 3

gentoo 1

seebug

PostgreSQL索引功能权限提升漏洞

2009-12-29 00:00:00

Ruby on Rails 'protect_from_forgery'跨站脚本请求伪造漏洞

2009-12-17 00:00:00

PostgreSQL索引函数会话状态修改本地特权提升漏洞

2009-12-17 00:00:00

veracode

Privilege Escalation

2020-04-10 00:48:51

nessus

SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)

2010-01-19 00:00:00

SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)

2010-01-19 00:00:00

Fedora 11 : postgresql-8.3.9-1.fc11 (2009-13363)

2009-12-18 00:00:00

fedora

[SECURITY] Fedora 12 Update: postgresql-8.4.2-1.fc12

2009-12-18 04:39:48

[SECURITY] Fedora 11 Update: postgresql-8.3.9-1.fc11

2009-12-18 04:36:29

osv

postgresql-7.4 postgresql-8.1 postgresql-8.3 - several vulnerabilities

2009-12-31 00:00:00

openvas

Ubuntu Update for PostgreSQL vulnerabilities USN-876-1

2010-01-15 00:00:00

PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

2009-12-16 00:00:00

Fedora Core 12 FEDORA-2009-13381 (postgresql)

2009-12-30 00:00:00

debian

[SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabilities

2009-12-31 16:38:37

securityvulns

PostgreSQL multiple security vulnerabilities

2009-12-15 00:00:00

[ MDVSA-2009:333 ] postgresql

2009-12-15 00:00:00

ubuntu

PostgreSQL vulnerabilities

2010-01-03 00:00:00

prion

Sql injection

2009-12-15 18:30:00

cvelist

CVE-2009-4136

2009-12-15 18:00:00

nvd

CVE-2009-4136

2009-12-15 18:30:01

ubuntucve

CVE-2009-4136

2009-12-15 00:00:00

cve

CVE-2009-4136

2009-12-15 18:30:01

freebsd

postgresql -- multiple vulnerabilities

2009-11-20 00:00:00

oraclelinux

postgresql security update

2010-05-19 00:00:00

postgresql security update

2010-05-19 00:00:00

postgresql security update

2010-05-19 00:00:00

redhat

(RHSA-2010:0427) Moderate: postgresql security update

2010-05-19 00:00:00

(RHSA-2010:0429) Moderate: postgresql security update

2010-05-19 00:00:00

(RHSA-2010:0428) Moderate: postgresql security update

2010-05-19 00:00:00

centos

rh security update

2010-05-21 22:01:26

postgresql security update

2010-05-28 10:45:13

postgresql security update

2010-05-21 22:22:02

gentoo

PostgreSQL: Multiple vulnerabilities

2011-10-25 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.023 Low

EPSS

Percentile

89.8%

JSON

Vulnerability in core server (CVE-2009-4136)

References

Related