CVE-2007-6600
Description
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.809
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2007-4772,CVE-2007-6600 affect PostgreSQL 8.2.5 | Windows |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600,CVE-2007-4769 are fixed in PostgreSQL 8.2.6 | Windows |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600,CVE-2007-4769 are fixed in PostgreSQL 8.1.11 | Windows |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600,CVE-2007-4769 are fixed in PostgreSQL 8.0.15 | Windows |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600,CVE-2007-4769 are fixed in PostgreSQL 7.4.19 | Windows |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600 are fixed in PostgreSQL 7.3.21 | Windows |
| Vulnerabilities CVE-2007-4772,CVE-2007-6600 affect PostgreSQL 8.2.5 (For Linux) | Linux |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600,CVE-2007-4769 are fixed in PostgreSQL 8.2.6 (For Linux) | Linux |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600,CVE-2007-4769 are fixed in PostgreSQL 8.1.11 (For Linux) | Linux |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600,CVE-2007-4769 are fixed in PostgreSQL 8.0.15 (For Linux) | Linux |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600,CVE-2007-4769 are fixed in PostgreSQL 7.4.19 (For Linux) | Linux |
| Vulnerabilities CVE-2007-6601,CVE-2007-6600 are fixed in PostgreSQL 7.3.21 (For Linux) | Linux |
| Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234