CVE-2012-0866
Description
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
Risk Information
Base Score
10.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.905
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-0866,CVE-2012-0867,CVE-2012-0868 affect PostgreSQL 9.1.2 | Windows |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 9.1.3 | Windows |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 9.0.7 | Windows |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 8.4.11 | Windows |
| Vulnerabilities CVE-2012-0868,CVE-2012-0866 are fixed in PostgreSQL 8.3.18 | Windows |
| Vulnerabilities CVE-2012-0866,CVE-2012-0867,CVE-2012-0868 affect PostgreSQL 9.1.2 (For Linux) | Linux |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 9.1.3 (For Linux) | Linux |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 9.0.7 (For Linux) | Linux |
| Vulnerabilities CVE-2012-0868,CVE-2012-0867,CVE-2012-0866 are fixed in PostgreSQL 8.4.11 (For Linux) | Linux |
| Vulnerabilities CVE-2012-0868,CVE-2012-0866 are fixed in PostgreSQL 8.3.18 (For Linux) | Linux |
| Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| CVE-2012-0866 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234