Lucene search

[email protected]CVE-2006-0553

HistoryFeb 14, 2006 - 7:06 p.m.

CVE-2006-0553

2006-02-1419:06:00

CWE-264

[email protected]

web.nvd.nist.gov

postgresql

cve-2006-0553

privilege escalation

backend protocol

nvd

6.2 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.9%

JSON

PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via “knowledge of the backend protocol” using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.

CPENameOperatorVersion
postgresql:postgresqlpostgresqleq8.1.0
postgresql:postgresqlpostgresqleq8.1.1
postgresql:postgresqlpostgresqleq8.1.2

CPE	Name	Operator	Version
postgresql:postgresql	postgresql	eq	8.1.0
postgresql:postgresql	postgresql	eq	8.1.1
postgresql:postgresql	postgresql	eq	8.1.2

References

archives.postgresql.org/pgsql-announce/2006-02/msg00008.php

secunia.com/advisories/18890

securitytracker.com/id?1015636

www.kb.cert.org/vuls/id/567452

www.openpkg.org/security/OpenPKG-SA-2006.004-postgresql.html

www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3

www.securityfocus.com/archive/1/425037/100/0/threaded

www.securityfocus.com/bid/16649

www.vupen.com/english/advisories/2006/0605

exchange.xforce.ibmcloud.com/vulnerabilities/24718

6.2 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2006-0553

cve1 ubuntucve2 prion2 securityvulns1 openvas2 cvelist2 redhatcve1 freebsd1 postgresql2 nessus2 cert1 ubuntu1