Veracode Vulnerability DatabaseVERACODE:24199Denial Of Service (DoS)
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
PostgreSQL is vulnerable to Denial Of Service (DoS). It does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
References
lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
marc.info/?l=bugtraq&m=134124585221119&w=2
secunia.com/advisories/39939
www.debian.org/security/2010/dsa-2051
www.mandriva.com/security/advisories?name=MDVSA-2010:103
www.postgresql.org/docs/current/static/release-7-4-29.html
www.postgresql.org/docs/current/static/release-8-0-25.html
www.postgresql.org/docs/current/static/release-8-1-21.html
www.postgresql.org/docs/current/static/release-8-2-17.html
www.postgresql.org/docs/current/static/release-8-3-11.html
www.postgresql.org/docs/current/static/release-8-4-4.html
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/bid/40304
www.vupen.com/english/advisories/2010/1207
www.vupen.com/english/advisories/2010/1221
access.redhat.com/errata/RHSA-2010:0428
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004
Related
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N