CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
PostgreSQL is vulnerable to privilege escalation. An authenticated attacker could use dblink to possibly escalate privileges on systems with “trust” or “ident” authentication configured. Note that dblink functionality is not enabled by default, and can only be enabled by a database administrator on systems with the postgresql-contrib package installed.
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
osvdb.org/40899
secunia.com/advisories/28376
secunia.com/advisories/28437
secunia.com/advisories/28438
secunia.com/advisories/28445
secunia.com/advisories/28454
secunia.com/advisories/28477
secunia.com/advisories/28479
secunia.com/advisories/28679
secunia.com/advisories/29638
security.gentoo.org/glsa/glsa-200801-15.xml
sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
www.debian.org/security/2008/dsa-1460
www.debian.org/security/2008/dsa-1463
www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
www.mandriva.com/security/advisories?name=MDKSA-2007:188
www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2008-0038.html
www.redhat.com/support/errata/RHSA-2008-0039.html
www.redhat.com/support/errata/RHSA-2008-0040.html
www.securityfocus.com/archive/1/471541/100/0/threaded
www.securityfocus.com/archive/1/471644/100/0/threaded
www.vupen.com/english/advisories/2008/0109
www.vupen.com/english/advisories/2008/1071/references
access.redhat.com/errata/RHSA-2008:0038
exchange.xforce.ibmcloud.com/vulnerabilities/35142
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334
usn.ubuntu.com/568-1/