New Search

PostgreSQL 8.2 before 8.2.6 8.1 before 8.1.11 8.0 before 8.0.15 7.4 before 7.4.19 and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions which allows remote authenticated users to gain privileges.

oval:org.mitre.oval:def:10493

PostgreSQL 8.2 before 8.2.6 8.1 before 8.1.11 8.0 before 8.0.15 7.4 before 7.4.19 and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions which allows remote authenticated users to gain privileges.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 5
  • CentOS Linux 3
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • Oracle Linux 5
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-6600
Product(s):