Lucene search
FreeBSD42D42090-9A4D-11E3-B029-08002798F6FFHistoryFeb 20, 2014 - 12:00 a.m.
PostgreSQL -- multiple privilege issues
2014-02-2000:00:00
vuxml.freebsd.org
12
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.927 High
EPSS
Percentile
99.0%
PostgreSQL Project reports:
This update fixes CVE-2014-0060, in which PostgreSQL did not
properly enforce the WITH ADMIN OPTION permission for ROLE management.
Before this fix, any member of a ROLE was able to grant others access
to the same ROLE regardless if the member was given the WITH ADMIN
OPTION permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.
With this release, we are also alerting users to a known security hole
that allows other users on the same machine to gain access to an
operating system account while it is doing "make check":
CVE-2014-0067. "Make check" is normally part of building PostgreSQL
from source code. As it is not possible to fix this issue without
causing significant issues to our testing infrastructure, a patch will
be released separately and publicly. Until then, users are strongly
advised not to run "make check" on machines where untrusted users have
accounts.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | postgresql-server | < 8.4.20 | UNKNOWN |
Related
securityvulns
securityvulns
PostgreSQL multiple security vulnerabilities
2014-02-28 00:00:00
[USN-2120-1] PostgreSQL vulnerabilities
2014-02-28 00:00:00
APPLE-SA-2014-09-17-5 OS X Server 3.2.1
2014-09-21 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:0461-1)
2021-06-09 00:00:00
Debian: Security Advisory (DSA-2864-1)
2014-02-19 00:00:00
debian
debian
[SECURITY] [DSA 2864-1] postgresql-8.4 security update
2014-02-20 17:05:33
[SECURITY] [DSA 2865-1] postgresql-9.1 security update
2014-02-20 21:25:41
[DLA-0019-1] postgresql-8.4 update
2014-07-29 09:44:29
nessus
nessus
Mandriva Linux Security Advisory : postgresql (MDVSA-2014:047)
2014-02-23 00:00:00
Debian DSA-2864-1 : postgresql-8.4 - several vulnerabilities
2014-02-21 00:00:00
openSUSE Security Update : postgresql92 (openSUSE-SU-2014:0345-1)
2014-06-13 00:00:00
mageia
mageia
Updated postgresql packages fix multiple vulnerabilities
2014-05-17 04:20:42
Updated postgresql packages fix multiple security vulnerabilities
2014-05-09 01:29:25
oraclelinux
oraclelinux
postgresql84 and postgresql security update
2014-02-25 00:00:00
postgresql security update
2014-03-04 00:00:00
kaspersky
kaspersky
KLA10297 Multiple vulnerabilities in PostgreSQL
2014-03-31 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 05:01:19
Code Execution Using A Race Condition
2019-05-02 05:01:19
Integer Overflow
2019-05-02 05:01:20
centos
centos
postgresql security update
2014-03-04 20:53:33
postgresql, postgresql84 security update
2014-02-25 18:39:58
postgresql92 security update
2014-02-28 01:35:22
osv
osv
postgresql-8.4 - several
2014-02-20 00:00:00
postgresql-9.1 - several
2014-02-20 00:00:00
postgresql-8.4 - new upstream minor release
2014-07-29 00:00:00
redhat
redhat
(RHSA-2014:0211) Important: postgresql84 and postgresql security update
2014-02-25 00:00:00
(RHSA-2014:0249) Important: postgresql security update
2014-03-04 00:00:00
(RHSA-2014:0221) Important: postgresql92-postgresql security update
2014-02-27 00:00:00
amazon
amazon
Important: postgresql9
2014-03-13 18:12:00
Important: postgresql8
2014-03-13 18:12:00
Medium: postgresql92
2015-03-13 02:37:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2014-02-24 00:00:00
seebug
seebug
Nixu NameSurfer多个安全漏洞
2014-04-08 00:00:00
PostgreSQL安全限制绕过漏洞
2014-02-25 00:00:00
PostgreSQL远程栈缓冲区溢出漏洞
2014-02-25 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2014-08-29 00:00:00
ubuntucve
ubuntucve
cve
cve
huawei
huawei
Security Advisory - Two Buffer Overflow Vulnerabilities in the GaussDB
2017-05-31 00:00:00
Security Advisory - Two Privilege Escalation Vulnerabilities in the GaussDB
2017-05-31 00:00:00
prion
prion
Buffer overflow
2014-03-31 14:58:00
Stack overflow
2014-03-31 14:58:00
Command injection
2014-03-31 14:58:00
checkpoint_advisories
checkpoint_advisories
PostgreSQL Database geo_ops path_in Integer Overflow (CVE-2014-0064)
2014-03-17 00:00:00
PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)
2014-03-17 00:00:00
PostgreSQL Database Datetime Buffer Overflow (CVE-2014-0063)
2014-04-08 00:00:00
postgresql
postgresql
Vulnerability in core server (CVE-2014-0064)
2014-03-31 14:58:00
Vulnerability in core server (CVE-2014-0060)
2014-03-31 14:58:00
Vulnerability in contrib module (CVE-2014-0066)
2014-03-31 14:58:00
debiancve
debiancve
CVE-2014-0061
2014-03-31 14:58:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.927 High
EPSS
Percentile
99.0%
Related for 42D42090-9A4D-11E3-B029-08002798F6FF