CVE-2010-1975

2010-05-1800:00:00

ubuntu.com

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

71.3%

JSON

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2
before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly
check privileges during certain RESET ALL operations, which allows remote
authenticated users to remove arbitrary parameter settings via a (1) ALTER
USER or (2) ALTER DATABASE statement.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchpostgresql-8.1< 8.1.21-0ubuntu0.6.06UNKNOWN
ubuntu8.04noarchpostgresql-8.3< 8.3.11-0ubuntu8.04UNKNOWN
ubuntu9.04noarchpostgresql-8.3< 8.3.11-0ubuntu9.04UNKNOWN
ubuntu9.10noarchpostgresql-8.4< 8.4.4-0ubuntu9.10UNKNOWN
ubuntu10.04noarchpostgresql-8.4< 8.4.4-0ubuntu10.04UNKNOWN
ubuntu10.10noarchpostgresql-8.4< 8.4.4-1UNKNOWN
ubuntu11.04noarchpostgresql-8.4< 8.4.4-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	postgresql-8.1	< 8.1.21-0ubuntu0.6.06	UNKNOWN
ubuntu	8.04	noarch	postgresql-8.3	< 8.3.11-0ubuntu8.04	UNKNOWN
ubuntu	9.04	noarch	postgresql-8.3	< 8.3.11-0ubuntu9.04	UNKNOWN
ubuntu	9.10	noarch	postgresql-8.4	< 8.4.4-0ubuntu9.10	UNKNOWN
ubuntu	10.04	noarch	postgresql-8.4	< 8.4.4-0ubuntu10.04	UNKNOWN
ubuntu	10.10	noarch	postgresql-8.4	< 8.4.4-1	UNKNOWN
ubuntu	11.04	noarch	postgresql-8.4	< 8.4.4-1	UNKNOWN