Vulnerability Name: CVE-2006-0553 (CCN-24718)
Assigned: 2006-02-14
Published: 2006-02-14
Updated: 2018-10-19
Summary: PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
CVSS v3 Severity: 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
  4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:
  Source: CCN Type: BugTraq Mailing List, Wed Feb 15 2006 - 09:05:22 CST PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14
  Source: MLIST Type: UNKNOWN [pgsql-announce] 20060214 Minor Releases 7.3 thru 8.1 Available to Fix Security Issue
  Source: MITRE Type: CNA CVE-2006-0553
  Source: CCN Type: SA18890 PostgreSQL Privilege Escalation and Denial of Service
  Source: SECUNIA Type: Patch, Vendor Advisory 18890
  Source: CCN Type: SECTRACK ID: 1015636 PostgreSQL SET ROLE Validation Error Lets Remote Authenticated Users Obtain Elevated Privileges
  Source: SECTRACK Type: UNKNOWN 1015636
  Source: CCN Type: US-CERT VU#567452 PostgreSQL database privilege escalation vulnerability
  Source: CERT-VN Type: US Government Resource VU#567452
  Source: CCN Type: OpenPKG-SA-2006.004 PostgreSQL
  Source: OPENPKG Type: Vendor Advisory OpenPKG-SA-2006.004
  Source: CCN Type: OSVDB ID: 23224 PostgreSQL SET SESSION AUTHORIZATION Assert Failure DoS
  Source: CONFIRM Type: UNKNOWN http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3
  Source: CCN Type: PostgreSQL Web site Downloads
  Source: BUGTRAQ Type: UNKNOWN 20060215 PostgreSQL security releases 8.1.3, 8.0.7, 7.4.12, 7.3.14
  Source: BID Type: UNKNOWN 16649
  Source: CCN Type: BID-16649 PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
  Source: VUPEN Type: UNKNOWN ADV-2006-0605
  Source: XF Type: UNKNOWN postgresql-setrole-privilege-elevation(24718)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: