CVSS2 base score: 6.5 (Medium)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
PostgreSQL is vulnerable to privilege escalation. The upstream patch for CVE-2007-6600, as included in Red Hat Security Advisory RHSA-2008:0040, was found not to protect against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authenticated user could use this flaw to install malicious code that would later execute with superuser privileges.
archives.postgresql.org/pgsql-www/2009-09/msg00024.php
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
marc.info/?l=bugtraq&m=134124585221119&w=2
secunia.com/advisories/36660
secunia.com/advisories/36695
secunia.com/advisories/36727
secunia.com/advisories/36800
secunia.com/advisories/36837
sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
www.postgresql.org/docs/8.3/static/release-8-3-8.html
www.postgresql.org/support/security.html
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/archive/1/509917/100/0/threaded
www.securityfocus.com/bid/36314
www.ubuntu.com/usn/usn-834-1
www.us.debian.org/security/2009/dsa-1900
www.vupen.com/english/advisories/2009/2602
access.redhat.com/errata/RHSA-2009:1461
bugzilla.redhat.com/show_bug.cgi?id=522085
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166
www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html