Lucene search

[email protected]NVD:CVE-2012-0866

HistoryJul 18, 2012 - 11:55 p.m.

CVE-2012-0866

2012-07-1823:55:01

CWE-264

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch8.3

postgresqlpostgresqlMatch8.3.1

postgresqlpostgresqlMatch8.3.2

postgresqlpostgresqlMatch8.3.3

postgresqlpostgresqlMatch8.3.4

postgresqlpostgresqlMatch8.3.5

postgresqlpostgresqlMatch8.3.6

postgresqlpostgresqlMatch8.3.7

postgresqlpostgresqlMatch8.3.8

postgresqlpostgresqlMatch8.3.9

postgresqlpostgresqlMatch8.3.10

postgresqlpostgresqlMatch8.3.11

postgresqlpostgresqlMatch8.3.12

postgresqlpostgresqlMatch8.3.13

postgresqlpostgresqlMatch8.3.14

postgresqlpostgresqlMatch8.3.15

postgresqlpostgresqlMatch8.3.16

postgresqlpostgresqlMatch8.3.17

Node

postgresqlpostgresqlMatch8.4

postgresqlpostgresqlMatch8.4.1

postgresqlpostgresqlMatch8.4.2

postgresqlpostgresqlMatch8.4.3

postgresqlpostgresqlMatch8.4.4

postgresqlpostgresqlMatch8.4.5

postgresqlpostgresqlMatch8.4.6

postgresqlpostgresqlMatch8.4.7

postgresqlpostgresqlMatch8.4.8

postgresqlpostgresqlMatch8.4.9

postgresqlpostgresqlMatch8.4.10

Node

postgresqlpostgresqlMatch9.0

postgresqlpostgresqlMatch9.0.1

postgresqlpostgresqlMatch9.0.2

postgresqlpostgresqlMatch9.0.3

postgresqlpostgresqlMatch9.0.4

postgresqlpostgresqlMatch9.0.5

postgresqlpostgresqlMatch9.0.6

Node

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.opensuse.org/opensuse-updates/2012-09/msg00060.html

rhn.redhat.com/errata/RHSA-2012-0677.html

rhn.redhat.com/errata/RHSA-2012-0678.html

secunia.com/advisories/49272

secunia.com/advisories/49273

www.debian.org/security/2012/dsa-2418

www.mandriva.com/security/advisories?name=MDVSA-2012:026

www.mandriva.com/security/advisories?name=MDVSA-2012:027

www.mandriva.com/security/advisories?name=MDVSA-2012:092

www.postgresql.org/about/news/1377/

www.postgresql.org/docs/8.3/static/release-8-3-18.html

www.postgresql.org/docs/8.4/static/release-8-4-11.html

www.postgresql.org/docs/9.0/static/release-9-0-7.html

www.postgresql.org/docs/9.1/static/release-9-1-3.html

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for NVD:CVE-2012-0866

ubuntucve1 prion1 cve1 cvelist1 veracode3 postgresql1 nessus28 openvas40 securityvulns2 centos2 redhat2 debian1 oraclelinux3 fedora7 amazon1 ubuntu1 freebsd1 osv1 seebug1 gentoo1