Veracode Vulnerability DatabaseVERACODE:23824Privilege Escalation
0.005 Low
EPSS
Percentile
77.1%
postgresql is vulnerable to privilege escalation. The vulnerability exists as it was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0040 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges.
References
archives.postgresql.org/pgsql-www/2009-09/msg00024.php
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
marc.info/?l=bugtraq&m=134124585221119&w=2
secunia.com/advisories/36660
secunia.com/advisories/36695
secunia.com/advisories/36727
secunia.com/advisories/36800
secunia.com/advisories/36837
sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
www.postgresql.org/docs/8.3/static/release-8-3-8.html
www.postgresql.org/support/security.html
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/archive/1/509917/100/0/threaded
www.securityfocus.com/bid/36314
www.ubuntu.com/usn/usn-834-1
www.us.debian.org/security/2009/dsa-1900
www.vupen.com/english/advisories/2009/2602
access.redhat.com/errata/RHSA-2009:1461
bugzilla.redhat.com/show_bug.cgi?id=522085
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166
www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
Related
