CVE-2007-6600

CVE Details

Release Date:	2008-01-09
Impact:	Moderate	What is this?

Description

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

See more information about CVE-2007-6600 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	6.5
Vector String:	AV:N/AC:L/Au:S/C:P/I:P/A:P
Version:	2.0
Attack Vector:	Network
Attack Complexity:	Low
Authentication:	Single
Confidentiality Impact:	Partial
Integrity Impact:	Partial
Availability Impact:	Partial

Errata information

Platform	Errata	Release Date
Oracle Enterprise Linux version 4 (postgresql)	ELSA-2008-0038	2008-01-11
Oracle Linux version 5 (postgresql)	ELSA-2008-0038	2008-01-11