Lucene search

K

PRIOn knowledge basePRION:CVE-2009-3230

HistorySep 17, 2009 - 10:30 a.m.

Authorization

2009-09-1710:30:00

PRIOn knowledge base

www.prio-n.com

4

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

CPENameOperatorVersion
postgresqleq7.4.16
postgresqleq8.1.10
postgresqleq8.1.6
postgresqleq8.2.9
postgresqleq8.0.7
postgresqleq8.0.2
postgresqleq8.1.15
postgresqleq8.1.7
postgresqleq8.3.6
postgresqleq8.2.10

Rows per page:

1-10 of 871

References

archives.postgresql.org/pgsql-www/2009-09/msg00024.php

lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

secunia.com/advisories/36660

secunia.com/advisories/36695

secunia.com/advisories/36727

secunia.com/advisories/36800

secunia.com/advisories/36837

sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1

wiki.rpath.com/wiki/Advisories:rPSA-2010-0012

www.postgresql.org/docs/8.3/static/release-8-3-8.html

www.postgresql.org/support/security.html

www.securityfocus.com/archive/1/509917/100/0/threaded

www.securityfocus.com/bid/36314

www.ubuntu.com/usn/usn-834-1

www.us.debian.org/security/2009/dsa-1900

www.vupen.com/english/advisories/2009/2602

bugzilla.redhat.com/show_bug.cgi?id=522085

marc.info/?l=bugtraq&m=134124585221119&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166

www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html

www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.2%

Related for PRION:CVE-2009-3230

openvas78 centos4 nessus55 ubuntucve3 veracode2 redhat6 cve3 prion2 securityvulns5 ubuntu2 postgresql2 freebsd2 fedora4 oraclelinux5 debian3 osv3 suse1 gentoo2