Vulnerability-Lookup

CVE-2007-6600 (GCVE-0-2007-6600)

Vulnerability from cvelistv5 – Published: 2008-01-10 02:00 – Updated: 2024-08-07 16:11

Summary

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.debian.org/security/2008/dsa-1460	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/28445	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/27163	vdb-entryx_refsource_BID
	https://issues.rpath.com/browse/RPL-1768	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-00…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/28454	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/485864/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/28359	third-party-advisoryx_refsource_SECUNIA
	http://www.postgresql.org/about/news.905	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.vupen.com/english/advisories/2008/0061	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/28679	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0109	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/28376	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://secunia.com/advisories/28437	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/28455	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/28477	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29638	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/28479	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1463	vendor-advisoryx_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2008-00…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/486407/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/28464	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/28698	third-party-advisoryx_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	https://usn.ubuntu.com/568-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/28438	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1019157	vdb-entryx_refsource_SECTRACK
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2008-00…	vendor-advisoryx_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://security.gentoo.org/glsa/glsa-200801-15.xml	vendor-advisoryx_refsource_GENTOO
	http://www.vupen.com/english/advisories/2008/1071…	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:11:06.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2008:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
          },
          {
            "name": "DSA-1460",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1460"
          },
          {
            "name": "28445",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28445"
          },
          {
            "name": "oval:org.mitre.oval:def:10493",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493"
          },
          {
            "name": "27163",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1768"
          },
          {
            "name": "RHSA-2008:0038",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
          },
          {
            "name": "28454",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28454"
          },
          {
            "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
          },
          {
            "name": "28359",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/about/news.905"
          },
          {
            "name": "SUSE-SA:2008:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
          },
          {
            "name": "ADV-2008-0061",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0061"
          },
          {
            "name": "28679",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28679"
          },
          {
            "name": "ADV-2008-0109",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0109"
          },
          {
            "name": "28376",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28376"
          },
          {
            "name": "103197",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
          },
          {
            "name": "28437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28437"
          },
          {
            "name": "28455",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28455"
          },
          {
            "name": "28477",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28477"
          },
          {
            "name": "29638",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29638"
          },
          {
            "name": "28479",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28479"
          },
          {
            "name": "DSA-1463",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1463"
          },
          {
            "name": "RHSA-2008:0040",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
          },
          {
            "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
          },
          {
            "name": "28464",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28464"
          },
          {
            "name": "28698",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28698"
          },
          {
            "name": "SSRT080006",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
          },
          {
            "name": "200559",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
          },
          {
            "name": "USN-568-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/568-1/"
          },
          {
            "name": "FEDORA-2008-0552",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
          },
          {
            "name": "postgresql-indexfunctions-priv-escalation(39496)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39496"
          },
          {
            "name": "28438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28438"
          },
          {
            "name": "1019157",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019157"
          },
          {
            "name": "FEDORA-2008-0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
          },
          {
            "name": "RHSA-2008:0039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"
          },
          {
            "name": "HPSBTU02325",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
          },
          {
            "name": "GLSA-200801-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
          },
          {
            "name": "ADV-2008-1071",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1071/references"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-06T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2008:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
        },
        {
          "name": "DSA-1460",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1460"
        },
        {
          "name": "28445",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28445"
        },
        {
          "name": "oval:org.mitre.oval:def:10493",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493"
        },
        {
          "name": "27163",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1768"
        },
        {
          "name": "RHSA-2008:0038",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
        },
        {
          "name": "28454",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28454"
        },
        {
          "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
        },
        {
          "name": "28359",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/about/news.905"
        },
        {
          "name": "SUSE-SA:2008:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
        },
        {
          "name": "ADV-2008-0061",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0061"
        },
        {
          "name": "28679",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28679"
        },
        {
          "name": "ADV-2008-0109",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0109"
        },
        {
          "name": "28376",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28376"
        },
        {
          "name": "103197",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
        },
        {
          "name": "28437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28437"
        },
        {
          "name": "28455",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28455"
        },
        {
          "name": "28477",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28477"
        },
        {
          "name": "29638",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29638"
        },
        {
          "name": "28479",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28479"
        },
        {
          "name": "DSA-1463",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1463"
        },
        {
          "name": "RHSA-2008:0040",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
        },
        {
          "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
        },
        {
          "name": "28464",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28464"
        },
        {
          "name": "28698",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28698"
        },
        {
          "name": "SSRT080006",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
        },
        {
          "name": "200559",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
        },
        {
          "name": "USN-568-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/568-1/"
        },
        {
          "name": "FEDORA-2008-0552",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
        },
        {
          "name": "postgresql-indexfunctions-priv-escalation(39496)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39496"
        },
        {
          "name": "28438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28438"
        },
        {
          "name": "1019157",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019157"
        },
        {
          "name": "FEDORA-2008-0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
        },
        {
          "name": "RHSA-2008:0039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"
        },
        {
          "name": "HPSBTU02325",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
        },
        {
          "name": "GLSA-200801-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
        },
        {
          "name": "ADV-2008-1071",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1071/references"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6600",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2008:004",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
            },
            {
              "name": "DSA-1460",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1460"
            },
            {
              "name": "28445",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28445"
            },
            {
              "name": "oval:org.mitre.oval:def:10493",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493"
            },
            {
              "name": "27163",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27163"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1768",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1768"
            },
            {
              "name": "RHSA-2008:0038",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
            },
            {
              "name": "28454",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28454"
            },
            {
              "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
            },
            {
              "name": "28359",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28359"
            },
            {
              "name": "http://www.postgresql.org/about/news.905",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/about/news.905"
            },
            {
              "name": "SUSE-SA:2008:005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
            },
            {
              "name": "ADV-2008-0061",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0061"
            },
            {
              "name": "28679",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28679"
            },
            {
              "name": "ADV-2008-0109",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0109"
            },
            {
              "name": "28376",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28376"
            },
            {
              "name": "103197",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
            },
            {
              "name": "28437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28437"
            },
            {
              "name": "28455",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28455"
            },
            {
              "name": "28477",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28477"
            },
            {
              "name": "29638",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29638"
            },
            {
              "name": "28479",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28479"
            },
            {
              "name": "DSA-1463",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1463"
            },
            {
              "name": "RHSA-2008:0040",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
            },
            {
              "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
            },
            {
              "name": "28464",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28464"
            },
            {
              "name": "28698",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28698"
            },
            {
              "name": "SSRT080006",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
            },
            {
              "name": "200559",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
            },
            {
              "name": "USN-568-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/568-1/"
            },
            {
              "name": "FEDORA-2008-0552",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
            },
            {
              "name": "postgresql-indexfunctions-priv-escalation(39496)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39496"
            },
            {
              "name": "28438",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28438"
            },
            {
              "name": "1019157",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019157"
            },
            {
              "name": "FEDORA-2008-0478",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
            },
            {
              "name": "RHSA-2008:0039",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"
            },
            {
              "name": "HPSBTU02325",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
            },
            {
              "name": "GLSA-200801-15",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
            },
            {
              "name": "ADV-2008-1071",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1071/references"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6600",
    "datePublished": "2008-01-10T02:00:00.000Z",
    "dateReserved": "2007-12-31T05:00:00.000Z",
    "dateUpdated": "2024-08-07T16:11:06.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2007-6600

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6600

Aliases

CVE-2007-6600

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6600",
    "description": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.",
    "id": "GSD-2007-6600",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-6600.html",
      "https://www.debian.org/security/2008/dsa-1463",
      "https://www.debian.org/security/2008/dsa-1460",
      "https://access.redhat.com/errata/RHSA-2008:0040",
      "https://access.redhat.com/errata/RHSA-2008:0039",
      "https://access.redhat.com/errata/RHSA-2008:0038",
      "https://linux.oracle.com/cve/CVE-2007-6600.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6600"
      ],
      "details": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.",
      "id": "GSD-2007-6600",
      "modified": "2023-12-13T01:21:38.441137Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6600",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MDVSA-2008:004",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
          },
          {
            "name": "DSA-1460",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1460"
          },
          {
            "name": "28445",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28445"
          },
          {
            "name": "oval:org.mitre.oval:def:10493",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493"
          },
          {
            "name": "27163",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27163"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-1768",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-1768"
          },
          {
            "name": "RHSA-2008:0038",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
          },
          {
            "name": "28454",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28454"
          },
          {
            "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
          },
          {
            "name": "28359",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28359"
          },
          {
            "name": "http://www.postgresql.org/about/news.905",
            "refsource": "CONFIRM",
            "url": "http://www.postgresql.org/about/news.905"
          },
          {
            "name": "SUSE-SA:2008:005",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
          },
          {
            "name": "ADV-2008-0061",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0061"
          },
          {
            "name": "28679",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28679"
          },
          {
            "name": "ADV-2008-0109",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0109"
          },
          {
            "name": "28376",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28376"
          },
          {
            "name": "103197",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
          },
          {
            "name": "28437",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28437"
          },
          {
            "name": "28455",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28455"
          },
          {
            "name": "28477",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28477"
          },
          {
            "name": "29638",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29638"
          },
          {
            "name": "28479",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28479"
          },
          {
            "name": "DSA-1463",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1463"
          },
          {
            "name": "RHSA-2008:0040",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
          },
          {
            "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
          },
          {
            "name": "28464",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28464"
          },
          {
            "name": "28698",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28698"
          },
          {
            "name": "SSRT080006",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
          },
          {
            "name": "200559",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
          },
          {
            "name": "USN-568-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/568-1/"
          },
          {
            "name": "FEDORA-2008-0552",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
          },
          {
            "name": "postgresql-indexfunctions-priv-escalation(39496)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39496"
          },
          {
            "name": "28438",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28438"
          },
          {
            "name": "1019157",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019157"
          },
          {
            "name": "FEDORA-2008-0478",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
          },
          {
            "name": "RHSA-2008:0039",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"
          },
          {
            "name": "HPSBTU02325",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
          },
          {
            "name": "GLSA-200801-15",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
          },
          {
            "name": "ADV-2008-1071",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1071/references"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6600"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.postgresql.org/about/news.905",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.postgresql.org/about/news.905"
            },
            {
              "name": "27163",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/27163"
            },
            {
              "name": "1019157",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019157"
            },
            {
              "name": "28359",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28359"
            },
            {
              "name": "MDVSA-2008:004",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1768",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-1768"
            },
            {
              "name": "DSA-1460",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1460"
            },
            {
              "name": "DSA-1463",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1463"
            },
            {
              "name": "FEDORA-2008-0478",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
            },
            {
              "name": "FEDORA-2008-0552",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
            },
            {
              "name": "RHSA-2008:0038",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
            },
            {
              "name": "RHSA-2008:0039",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"
            },
            {
              "name": "103197",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
            },
            {
              "name": "28376",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28376"
            },
            {
              "name": "28438",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28438"
            },
            {
              "name": "28445",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28445"
            },
            {
              "name": "28437",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28437"
            },
            {
              "name": "28454",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28454"
            },
            {
              "name": "28464",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28464"
            },
            {
              "name": "28477",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28477"
            },
            {
              "name": "28479",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28479"
            },
            {
              "name": "28455",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28455"
            },
            {
              "name": "GLSA-200801-15",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
            },
            {
              "name": "28679",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28679"
            },
            {
              "name": "SUSE-SA:2008:005",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
            },
            {
              "name": "28698",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28698"
            },
            {
              "name": "RHSA-2008:0040",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
            },
            {
              "name": "200559",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
            },
            {
              "name": "29638",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29638"
            },
            {
              "name": "ADV-2008-1071",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1071/references"
            },
            {
              "name": "ADV-2008-0109",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0109"
            },
            {
              "name": "ADV-2008-0061",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0061"
            },
            {
              "name": "SSRT080006",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
            },
            {
              "name": "postgresql-indexfunctions-priv-escalation(39496)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39496"
            },
            {
              "name": "oval:org.mitre.oval:def:10493",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493"
            },
            {
              "name": "USN-568-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/568-1/"
            },
            {
              "name": "20080115 rPSA-2008-0016-1 postgresql postgresql-server",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
            },
            {
              "name": "20080107 PostgreSQL 2007-01-07 Cumulative Security Release",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:55Z",
      "publishedDate": "2008-01-09T21:46Z"
    }
  }
}

GHSA-R647-CWMV-XWWC

Vulnerability from github – Published: 2022-05-01 18:44 – Updated: 2025-04-09 03:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6600"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-09T21:46:00Z",
    "severity": "MODERATE"
  },
  "details": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.",
  "id": "GHSA-r647-cwmv-xwwc",
  "modified": "2025-04-09T03:50:09Z",
  "published": "2022-05-01T18:44:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6600"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39496"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1768"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/568-1"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28359"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28376"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28437"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28438"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28445"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28454"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28455"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28464"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28477"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28479"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28679"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28698"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29638"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019157"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1460"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1463"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
    },
    {
      "type": "WEB",
      "url": "http://www.postgresql.org/about/news.905"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27163"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0061"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0109"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1071/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-6600

Vulnerability from fkie_nvd - Published: 2008-01-09 21:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
cve@mitre.org	http://secunia.com/advisories/28359	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28376	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28437	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28438	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28445	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28454	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28455	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28464	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28477	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28479	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28679	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28698	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29638	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200801-15.xml
cve@mitre.org	http://securitytracker.com/id?1019157
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
cve@mitre.org	http://www.debian.org/security/2008/dsa-1460
cve@mitre.org	http://www.debian.org/security/2008/dsa-1463
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
cve@mitre.org	http://www.postgresql.org/about/news.905	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0038.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0039.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0040.html
cve@mitre.org	http://www.securityfocus.com/archive/1/485864/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/486407/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27163	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0061
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0109
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1071/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39496
cve@mitre.org	https://issues.rpath.com/browse/RPL-1768
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493
cve@mitre.org	https://usn.ubuntu.com/568-1/
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28359	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28376	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28437	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28438	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28445	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28454	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28455	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28464	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28477	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28479	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28679	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28698	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29638	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200801-15.xml
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019157
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1460
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1463
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:004
af854a3a-2127-422b-91ae-364da2661108	http://www.postgresql.org/about/news.905	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0038.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0039.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0040.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485864/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486407/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27163	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0061
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0109
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1071/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39496
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1768
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/568-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

Impacted products

Vendor	Product	Version
postgresql	postgresql	7.3
postgresql	postgresql	7.3.1
postgresql	postgresql	7.3.2
postgresql	postgresql	7.3.3
postgresql	postgresql	7.3.4
postgresql	postgresql	7.3.5
postgresql	postgresql	7.3.6
postgresql	postgresql	7.3.7
postgresql	postgresql	7.3.8
postgresql	postgresql	7.3.9
postgresql	postgresql	7.3.10
postgresql	postgresql	7.3.11
postgresql	postgresql	7.3.12
postgresql	postgresql	7.3.13
postgresql	postgresql	7.3.14
postgresql	postgresql	7.3.15
postgresql	postgresql	7.3.16
postgresql	postgresql	7.3.17
postgresql	postgresql	7.3.18
postgresql	postgresql	7.3.19
postgresql	postgresql	7.4
postgresql	postgresql	7.4.1
postgresql	postgresql	7.4.2
postgresql	postgresql	7.4.3
postgresql	postgresql	7.4.4
postgresql	postgresql	7.4.5
postgresql	postgresql	7.4.6
postgresql	postgresql	7.4.7
postgresql	postgresql	7.4.8
postgresql	postgresql	7.4.9
postgresql	postgresql	7.4.10
postgresql	postgresql	7.4.11
postgresql	postgresql	7.4.12
postgresql	postgresql	7.4.13
postgresql	postgresql	7.4.14
postgresql	postgresql	7.4.16
postgresql	postgresql	7.4.17
postgresql	postgresql	7.4.18
postgresql	postgresql	8.0
postgresql	postgresql	8.0.0
postgresql	postgresql	8.0.1
postgresql	postgresql	8.0.2
postgresql	postgresql	8.0.3
postgresql	postgresql	8.0.4
postgresql	postgresql	8.0.5
postgresql	postgresql	8.0.6
postgresql	postgresql	8.0.7
postgresql	postgresql	8.0.8
postgresql	postgresql	8.0.9
postgresql	postgresql	8.0.10
postgresql	postgresql	8.0.11
postgresql	postgresql	8.0.12
postgresql	postgresql	8.0.13
postgresql	postgresql	8.0.14
postgresql	postgresql	8.1.1
postgresql	postgresql	8.1.2
postgresql	postgresql	8.1.3
postgresql	postgresql	8.1.4
postgresql	postgresql	8.1.5
postgresql	postgresql	8.1.6
postgresql	postgresql	8.1.7
postgresql	postgresql	8.1.8
postgresql	postgresql	8.1.9
postgresql	postgresql	8.1.10
postgresql	postgresql	8.2
postgresql	postgresql	8.2.1
postgresql	postgresql	8.2.2
postgresql	postgresql	8.2.3
postgresql	postgresql	8.2.4
postgresql	postgresql	8.2.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4064A96D-84D5-4257-9981-1139CD4CD08C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98290E4-2919-4492-BD14-BB24BA85C729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B56E9F72-6CBF-4784-89CD-435A030AC0B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DEF0FE5-EFCF-448E-B6BD-95FDDD4E17FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B480F0-8FFC-4463-ADC6-95906751811C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BF44286-0DBF-4CCA-8FFB-993976C18CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "629881D2-2A6D-4461-8C35-6EE575B63E6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C91580-6428-4234-92DF-6A96108FCF7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A19EB5-A1AF-4293-854D-347CD21065DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B18ED293-B408-435F-9D1F-2365A2E51022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7106B29-76F3-43FD-BF57-4693D5B55076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B804CD-AE47-4B46-9B37-7F46D4C9A332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23E89A3-551D-42E2-90EC-59A9DAB4F854",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC46594-100B-459F-BCB7-1FA9D0719D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECD278B-55A7-4BCC-8AF1-004F02A96BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "95DB94EF-32AE-4DD9-A9A4-4F7D4BE5F1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE0ED225-91C8-4FA6-9E33-A1D1AA99AA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5952970A-E97F-487C-A22C-258F57E18749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "823FA621-A72C-4927-AA9E-3359FFAFA031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "99679F07-ED44-47EE-AD51-3139F30B88DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE2567C-BF48-4255-9E56-590A6F9DD932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8DDD98-9A2D-402D-9172-F3C4C4C97FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C8302B-631A-4DF7-839B-C6F3CC39E000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB318EB9-1B49-452A-92CF-89D9BA990AB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5913A53B-7B72-4CBD-ADAE-318333EB8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "815E58C0-327D-4F14-B496-05FC8179627E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF2D056-5120-4F98-8343-4EC31F962CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "516E0E86-3D8A-43F9-9DD5-865F5C889FC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A7A9D3C-4BB6-4974-BF96-6E6728196F4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "486EDE1B-37E0-4DDF-BFC9-C8C8945D5E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC7F18-B227-4C46-9A33-FB34DDE456CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDB903F-0C89-4E65-857E-553CF9C192E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6BF8B1E-68F7-4F27-AD1F-FA02B256BDAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0DEB63-CA70-44C1-9491-E0790D1A8E21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8E73E5-BA41-4FA2-8457-803A97FB00C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4975D8ED-7DCB-430F-98E1-DB165D6DA7E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBF8CDE-5E75-4DF8-AE1A-B7377953917A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC4A04B-738C-4018-BB2F-FBEC8746200C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94222D76-82BE-4FFB-BE4B-5DBAF3080D4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B45F3BF0-9EB6-4A06-B6F7-DE95DD13EFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D1232E-4D0A-4BDC-99F6-25AEE014E9AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "105E9F52-D17E-4A0B-9C46-FD32A930B1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE2055D-AAA4-4A6A-918F-349A9749AF09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C12409B2-161B-4F78-B7AD-3CF69DDCC574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2F1DA4-6625-469D-988B-5457B68851A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "870F4348-6001-4C2F-A547-61964074E7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E26D52-D95A-4547-BE6E-4F142F54A624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAB2D1D-BE61-4D7C-B305-58B4F4126620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5F8D8B-34C5-4EBC-BB20-4D11191238B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E260F1F9-0068-4289-A8E8-C30220C2E1F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE16023-9A5E-46D5-B597-E6885C224786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D64D74-9645-4CB7-B710-4FC26FB65B37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF2794E-6B48-496B-B6CA-CDC7FC2160CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB12063-F487-4067-A7A5-4482E19D8D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEEC35A2-B17C-46EC-8697-9E03568339BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00562C18-DD81-4B09-AF93-739AF8757A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B52D093-7867-4FE8-B055-D8190103A1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1A06EE-26BD-4CDA-AEB9-01124FC37E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF855730-C61C-4FDC-96CB-57775A903421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93296E1-AEA2-443E-B9AA-D70535DDD093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "992C3EC0-4C12-4FB0-8844-9EFB91DA95E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E3EBF1D-D5BD-4A22-B76A-2BAB21534E70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DC4E8A-A728-4734-B67A-C58C37DA90C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D59B0E32-9E71-4E41-BBAF-7A20008E43E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7213327F-6909-43A7-952E-11600C28D4E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EF0EA6-C8B6-40A7-A3AE-8639CA94D5C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F645F3-9767-4FD8-94EB-1096DF24E6C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C342A823-EF6F-4557-9F9E-D8893EA4C2BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85A443F-0802-412F-9AEE-3525311C93D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06253BA8-7F1E-4C79-9B2E-197307A627F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges."
    },
    {
      "lang": "es",
      "value": "PostgreSQL 8.2 anterior a 8.2.6, 8.1 anterior a 8.1.11, 8.0 anterior a 8.0.15, 7.4 anterior a 7.4.19, y 7.3 anterior a 7.3.21 utiliza privilegios de super usuario en lugar de los privilegios del propietario de la tabla para las operaciones (1) VACUUM y (2) ANALYZE en funciones de \u00edndice, y soporta (3) SET ROLE y (4) SET SESSION AUTHORIZATION en funciones de \u00edndice, lo cual permite a usuarios remotos autenticados obtener privilegios."
    }
  ],
  "id": "CVE-2007-6600",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-09T21:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28359"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28376"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28437"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28438"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28445"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28454"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28455"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28464"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28479"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28679"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28698"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29638"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1460"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1463"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/about/news.905"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0061"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0109"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1071/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39496"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1768"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/568-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200801-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/about/news.905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485864/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486407/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1071/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/568-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-005

Vulnerability from certfr_avis - Published: 2008-01-08 - Updated: 2008-01-08

Des vulnérabilités dans PostgreSQL permettent de réaliser un déni de service ou une élévation de privilèges.

Description

Plusieurs vulnérabilités ont été découvertes dans PostgreSQL :

une des fonctionnalités de PostgreSQL permet de créer une indexation des résultats de fonctions définies par l'utilisateur. Des vulnérabilités dans les fonctions d'indexation permettent d'élever les privilèges de l'utilisateur (CVE-2007-6600) ;
des problèmes ont été découverts dans les bibliothèques permettant le traitement des expressions régulières par PostgreSQL. Un utilisateur malintentionné peut, par le biais d'expressions régulières spécifiques, réaliser un déni de service (CVE-2007-4769, CVE-2007-4772 et CVE-2007-6067) ;
une vulnérabilité dans les fonctions DBLink permet l'élévation des privilèges (CVE-2007-6601).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

PostgreSQL versions 7.3, 7.4, 8.0, 8.1 et 8.2.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6600 (GCVE-0-2007-6600)

GSD-2007-6600

GHSA-R647-CWMV-XWWC

FKIE_CVE-2007-6600

CERTA-2008-AVI-005

Description

Solution

Tags

Sightings

Nomenclature