CVE-2007-6600

2008-01-0900:00:00

ubuntu.com

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4
before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of
table owner privileges for (1) VACUUM and (2) ANALYZE operations within
index functions, and supports (3) SET ROLE and (4) SET SESSION
AUTHORIZATION within index functions, which allows remote authenticated
users to gain privileges.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/postgresql/+bug/181720>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchpostgresql-8.1< 8.1.11-0ubuntu0.6.06.1UNKNOWN
ubuntu6.10noarchpostgresql-8.1< 8.1.11-0ubuntu0.6.10.1UNKNOWN
ubuntu7.04noarchpostgresql-8.2< 8.2.6-0ubuntu0.7.04.1UNKNOWN
ubuntu7.10noarchpostgresql-8.2< 8.2.6-0ubuntu0.7.10.1UNKNOWN
ubuntu8.04noarchpostgresql-8.2< 8.2.6-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	postgresql-8.1	< 8.1.11-0ubuntu0.6.06.1	UNKNOWN
ubuntu	6.10	noarch	postgresql-8.1	< 8.1.11-0ubuntu0.6.10.1	UNKNOWN
ubuntu	7.04	noarch	postgresql-8.2	< 8.2.6-0ubuntu0.7.04.1	UNKNOWN
ubuntu	7.10	noarch	postgresql-8.2	< 8.2.6-0ubuntu0.7.10.1	UNKNOWN
ubuntu	8.04	noarch	postgresql-8.2	< 8.2.6-1	UNKNOWN