Vulnerability Description
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | 7.3 |
Related Weaknesses (CWE)
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
- http://secunia.com/advisories/28359 (Vendor Advisory)
- http://secunia.com/advisories/28376 (Vendor Advisory)
- http://secunia.com/advisories/28437 (Vendor Advisory)
- http://secunia.com/advisories/28438 (Vendor Advisory)
- http://secunia.com/advisories/28445 (Vendor Advisory)
- http://secunia.com/advisories/28454 (Vendor Advisory)
- http://secunia.com/advisories/28455 (Vendor Advisory)
- http://secunia.com/advisories/28464 (Vendor Advisory)
- http://secunia.com/advisories/28477 (Vendor Advisory)
- http://secunia.com/advisories/28479 (Vendor Advisory)
- http://secunia.com/advisories/28679 (Vendor Advisory)
- http://secunia.com/advisories/28698 (Vendor Advisory)
- http://secunia.com/advisories/29638 (Vendor Advisory)
FAQ
What is CVE-2007-6600?
CVE-2007-6600 is a vulnerability with a CVSS score of 6.5 (MEDIUM). PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE o...
How severe is CVE-2007-6600?
CVE-2007-6600 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-6600?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql.