Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23207

HistoryApr 10, 2020 - 12:19 a.m.

Privilege Escalation

2020-04-1000:19:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

postgresql is vulnerable to privilege escalation. The vulnerability exists as an authenticated attacker could use dblink to possibly escalate privileges on systems with “trust” or “ident” authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed.

CPENameOperatorVersion
postgresqleq8.1.9__1.el4s1.1
postgresqleq7.4.19__1.el4_6.1
postgresqleq8.1.8__1.el4s1.1
postgresqleq8.1.8__1.el5
postgresqleq8.1.4__1.el4s1.1
postgresqleq8.1.9__1.el5
postgresqleq8.1.11__1.el5_1.1
postgresqleq8.1.7__3.el4s1.1
postgresqleq8.2.4__6.el5s2
postgresqleq8.1.9__1.el4s1.1

Rows per page:

1-10 of 181

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

osvdb.org/40899

secunia.com/advisories/28376

secunia.com/advisories/28437

secunia.com/advisories/28438

secunia.com/advisories/28445

secunia.com/advisories/28454

secunia.com/advisories/28477

secunia.com/advisories/28479

secunia.com/advisories/28679

secunia.com/advisories/29638

security.gentoo.org/glsa/glsa-200801-15.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

www.debian.org/security/2008/dsa-1460

www.debian.org/security/2008/dsa-1463

www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:188

www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2008-0038.html

www.redhat.com/support/errata/RHSA-2008-0039.html

www.redhat.com/support/errata/RHSA-2008-0040.html

www.securityfocus.com/archive/1/471541/100/0/threaded

www.securityfocus.com/archive/1/471644/100/0/threaded

www.vupen.com/english/advisories/2008/0109

www.vupen.com/english/advisories/2008/1071/references

access.redhat.com/errata/RHSA-2008:0038

exchange.xforce.ibmcloud.com/vulnerabilities/35142

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334

usn.ubuntu.com/568-1/

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

Related for VERACODE:23207

prion2 cve2 ubuntucve2 redhat3 nessus13 openvas25 securityvulns3 centos2 osv2 debian2 gentoo1 oraclelinux1 ubuntu1