Home

CVE-2006-0553

Description

PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via knowledge of the backend protocol using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.

Risk Information

Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.48

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2006-0553,CVE-2006-0678 are affected in Postgresql 8.1.2Windows
Vulnerabilities CVE-2006-0553 are fixed in PostgreSQL 8.1.3Windows
Vulnerability CVE-2006-0553,CVE-2006-0678 are affected in Postgresql 8.1.2 (For Linux)Linux
Vulnerabilities CVE-2006-0553 are fixed in PostgreSQL 8.1.3 (For Linux)Linux
Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpmLinux
Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpmLinux
Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpmLinux
Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpmLinux
Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234