CVE-2009-3230

NONECVSS 0.0

0.0

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

🔗 References (44)

cve@mitrehttp://archives.postgresql.org/pgsql-www/2009-09/msg00024.php
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
cve@mitrehttp://marc.info/?l=bugtraq&m=134124585221119&w=2
cve@mitrehttp://secunia.com/advisories/36660
cve@mitrehttp://secunia.com/advisories/36695
cve@mitrehttp://secunia.com/advisories/36727
cve@mitrehttp://secunia.com/advisories/36800
cve@mitrehttp://secunia.com/advisories/36837
cve@mitrehttp://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
cve@mitrehttp://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012
cve@mitrehttp://www.postgresql.org/docs/8.3/static/release-8-3-8.html
cve@mitrehttp://www.postgresql.org/support/security.html
cve@mitrehttp://www.securityfocus.com/archive/1/509917/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/36314

Is Your Infrastructure Affected by CVE-2009-3230?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-3230

📅 Published

🔄 Last Modified

🔗 References (44)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-3230?