Oval Definition:oval:org.mitre.oval:def:10166
Revision Date:2013-04-29
Version:12
Title:The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Description:The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-3230
Platform(s):CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
      • RHEL3 or CentOS3
          • The operating system installed on the system is Red Hat Enterprise Linux 3
          • OR CentOS Linux 3.x
      • AND Configuration section
          • rh-postgresql-devel is earlier than 0:7.3.21-2
          • OR rh-postgresql-server is earlier than 0:7.3.21-2
          • OR rh-postgresql-python is earlier than 0:7.3.21-2
          • OR rh-postgresql-libs is earlier than 0:7.3.21-2
          • OR rh-postgresql-docs is earlier than 0:7.3.21-2
          • OR rh-postgresql-test is earlier than 0:7.3.21-2
          • OR rh-postgresql-pl is earlier than 0:7.3.21-2
          • OR rh-postgresql-tcl is earlier than 0:7.3.21-2
          • OR rh-postgresql is earlier than 0:7.3.21-2
          • OR rh-postgresql-contrib is earlier than 0:7.3.21-2
          • OR rh-postgresql-jdbc is earlier than 0:7.3.21-2
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
      • RHEL4, CentOS4 or Oracle Linux 4
          • The operating system installed on the system is Red Hat Enterprise Linux 4
          • OR CentOS Linux 4.x
          • OR Oracle Linux 4.x
      • AND Configuration section
          • postgresql is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-docs is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-pl is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-tcl is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-libs is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-contrib is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-python is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-test is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-jdbc is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-server is earlier than 0:7.4.26-1.el4_8.1
          • OR postgresql-devel is earlier than 0:7.4.26-1.el4_8.1
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
      • RHEL5, CentOS5 or Oracle Linux 5
          • The operating system installed on the system is Red Hat Enterprise Linux 5
          • OR The operating system installed on the system is CentOS Linux 5.x
          • OR Oracle Linux 5.x
      • AND Configuration section
          • postgresql is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-docs is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-pl is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-tcl is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-libs is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-contrib is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-python is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-test is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-server is earlier than 0:8.1.18-2.el5_4.1
          • OR postgresql-devel is earlier than 0:8.1.18-2.el5_4.1