85 matches found
PostgreSQL privilege escalation
With SET ROLE or SET SESSION AUTHORIZATION it's possible to elevate privileges to any database acccount, including superuser or cause database engine crash...
Security feature bypass
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678...
CVE-2006-0553
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678...
Vulnerability in core server (CVE-2006-0553)
A bug in the handling of SET ROLE allows escalation of privileges to any other database user, including superuser. A valid login is required to exploit this vulnerability...
postgresql81-server -- SET ROLE privilege escalation
The PostgreSQL team reports: Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example...