Vulnerability Name:

CVE-2005-0244 (CCN-19184)

Assigned:2005-01-27
Published:2005-01-27
Updated:2017-10-11
Summary:PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: SGI Security Advisory 20050207-01-U
SGI Advanced Linux Environment 3 Security Update #27

Source: MLIST
Type: Vendor Advisory
[pgsql-hackers] 20050127 Permissions on aggregate component functions

Source: MITRE
Type: CNA
CVE-2005-0244

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:1008
Fix for several PostgreSQL vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20050210 [USN-79-1] PostgreSQL vulnerabilities

Source: CCN
Type: RHSA-2005-138
postgresql security update

Source: CCN
Type: RHSA-2005-141
rh-postgresql security update

Source: CCN
Type: SA12948
PostgreSQL Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
12948

Source: CCN
Type: CIAC Information Bulletin: P-139
PostgreSQL Vulnerabilities

Source: CCN
Type: GLSA-200502-08
PostgreSQL: Multiple vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:040

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:036

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:138

Source: BID
Type: UNKNOWN
12417

Source: CCN
Type: BID-12417
PostgreSQL Multiple Remote Vulnerabilities

Source: CCN
Type: TLSA-2005-38
Multiple vulnerabilities exist in Postgresql

Source: CCN
Type: USN-79-1
PostgreSQL vulnerabilities

Source: CCN
Type: PostgreSQL FTP Web page
FTP Browser

Source: XF
Type: UNKNOWN
postgresql-security-bypass(19184)

Source: XF
Type: UNKNOWN
postgresql-security-bypass(19184)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10927

Source: SUSE
Type: SUSE-SA:2005:024
cvs: remote code execution

Source: SUSE
Type: SUSE-SA:2005:036
sudo: race condition arbitrary code execution

Source: SUSE
Type: SUSE-SR:2005:005
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:006
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:007
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:008
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:009
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:010
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:011
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20050244
    V
    		CVE-2005-0244
    2015-11-16
    oval:org.mitre.oval:def:10927
    V
    		Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
    2013-04-29
    oval:com.redhat.rhsa:def:20050138
    P
    		RHSA-2005:138: postgresql security update (Important)
    2005-02-15
    oval:com.redhat.rhsa:def:20050141
    P
    		RHSA-2005:141: rh-postgresql security update (Important)
    2005-02-14
    BACK
    postgresql postgresql 7.2
    postgresql postgresql 7.2.1
    postgresql postgresql 7.2.2
    postgresql postgresql 7.2.3
    postgresql postgresql 7.2.4
    postgresql postgresql 7.2.5
    postgresql postgresql 7.2.6
    postgresql postgresql 7.2.7
    postgresql postgresql 7.3
    postgresql postgresql 7.3.1
    postgresql postgresql 7.3.2
    postgresql postgresql 7.3.3
    postgresql postgresql 7.3.4
    postgresql postgresql 7.3.5
    postgresql postgresql 7.3.6
    postgresql postgresql 7.3.7
    postgresql postgresql 7.3.8
    postgresql postgresql 7.3.9
    postgresql postgresql 7.4
    postgresql postgresql 7.4.1
    postgresql postgresql 7.4.2
    postgresql postgresql 7.4.3
    postgresql postgresql 7.4.4
    postgresql postgresql 7.4.5
    postgresql postgresql 7.4.6
    postgresql postgresql 7.4.7
    postgresql postgresql 8.0.0
    postgresql postgresql 7.2.1
    postgresql postgresql 7.2.2
    postgresql postgresql 7.2
    postgresql postgresql 7.3
    postgresql postgresql 7.4.3
    postgresql postgresql 7.4
    postgresql postgresql 7.2.3
    postgresql postgresql 7.2.4
    postgresql postgresql 7.3.1
    postgresql postgresql 7.3.2
    postgresql postgresql 7.3.3
    postgresql postgresql 7.4.1
    postgresql postgresql 7.4.2
    postgresql postgresql 7.4.4
    postgresql postgresql 7.4.5
    postgresql postgresql 7.4.6
    postgresql postgresql 7.4.7
    postgresql postgresql 7.2.5
    postgresql postgresql 7.2.6
    postgresql postgresql 7.2.7
    postgresql postgresql 8.0.0
    postgresql postgresql 7.3.4
    postgresql postgresql 7.3.5
    postgresql postgresql 7.3.6
    postgresql postgresql 7.3.7
    postgresql postgresql 7.3.8
    postgresql postgresql 7.3.9
    gentoo linux *
    suse linux enterprise server 8
    mandrakesoft mandrake linux corporate server 2.1
    suse suse linux 8.2
    suse suse linux 9.0
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    redhat enterprise linux 3
    conectiva linux 10
    suse suse linux 9.2
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1
    suse suse linux 9.3