CVE-2012-0866

2012-02-2800:00:00

ubuntu.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.7%

JSON

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11,
9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the
execute permission for trigger functions marked SECURITY DEFINER, which
allows remote authenticated users to execute otherwise restricted triggers
on arbitrary data by installing the trigger on an attacker-owned table.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/941912>

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpostgresql-8.3< 8.3.18-0ubuntu0.8.04UNKNOWN
ubuntu10.04noarchpostgresql-8.4< 8.4.11-0ubuntu0.10.04UNKNOWN
ubuntu10.10noarchpostgresql-8.4< 8.4.11-0ubuntu0.10.10UNKNOWN
ubuntu11.04noarchpostgresql-8.4< 8.4.11-0ubuntu0.11.04UNKNOWN
ubuntu11.10noarchpostgresql-9.1< 9.1.3-0ubuntu0.11.10UNKNOWN
ubuntu12.04noarchpostgresql-9.1< 9.1.3-1UNKNOWN
ubuntu12.10noarchpostgresql-9.1< 9.1.3-1UNKNOWN
ubuntu13.04noarchpostgresql-9.1< 9.1.3-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	postgresql-8.3	< 8.3.18-0ubuntu0.8.04	UNKNOWN
ubuntu	10.04	noarch	postgresql-8.4	< 8.4.11-0ubuntu0.10.04	UNKNOWN
ubuntu	10.10	noarch	postgresql-8.4	< 8.4.11-0ubuntu0.10.10	UNKNOWN
ubuntu	11.04	noarch	postgresql-8.4	< 8.4.11-0ubuntu0.11.04	UNKNOWN
ubuntu	11.10	noarch	postgresql-9.1	< 9.1.3-0ubuntu0.11.10	UNKNOWN
ubuntu	12.04	noarch	postgresql-9.1	< 9.1.3-1	UNKNOWN
ubuntu	12.10	noarch	postgresql-9.1	< 9.1.3-1	UNKNOWN
ubuntu	13.04	noarch	postgresql-9.1	< 9.1.3-1	UNKNOWN