CVE
- Id
- 29957
- CVE No.
- CVE-2007-6600
- Status
- Candidate
- Description
- PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
- Phase
- Assigned (20071231)
- Votes
- None (candidate not yet proposed)
- Comments
Related CVE References
| Id | CVE Id | CVE No. | Reference | Actions |
|---|---|---|---|---|
| 316810 | 29957 | CVE-2007-6600 | BUGTRAQ:20080107 PostgreSQL 2007-01-07 Cumulative Security Release | View |
| 316811 | 29957 | CVE-2007-6600 | URL:http://www.securityfocus.com/archive/1/archive/1/485864/100/0/threaded | View |
| 316812 | 29957 | CVE-2007-6600 | BUGTRAQ:20080115 rPSA-2008-0016-1 postgresql postgresql-server | View |
| 316813 | 29957 | CVE-2007-6600 | URL:http://www.securityfocus.com/archive/1/archive/1/486407/100/0/threaded | View |
| 316814 | 29957 | CVE-2007-6600 | CONFIRM:http://www.postgresql.org/about/news.905 | View |
| 316815 | 29957 | CVE-2007-6600 | CONFIRM:https://issues.rpath.com/browse/RPL-1768 | View |
| 316816 | 29957 | CVE-2007-6600 | DEBIAN:DSA-1460 | View |
| 316817 | 29957 | CVE-2007-6600 | URL:http://www.debian.org/security/2008/dsa-1460 | View |
| 316818 | 29957 | CVE-2007-6600 | DEBIAN:DSA-1463 | View |
| 316819 | 29957 | CVE-2007-6600 | URL:http://www.debian.org/security/2008/dsa-1463 | View |
| 316820 | 29957 | CVE-2007-6600 | FEDORA:FEDORA-2008-0478 | View |
| 316821 | 29957 | CVE-2007-6600 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html | View |
| 316822 | 29957 | CVE-2007-6600 | FEDORA:FEDORA-2008-0552 | View |
| 316823 | 29957 | CVE-2007-6600 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html | View |
| 316824 | 29957 | CVE-2007-6600 | GENTOO:GLSA-200801-15 | View |
| 316825 | 29957 | CVE-2007-6600 | URL:http://security.gentoo.org/glsa/glsa-200801-15.xml | View |
| 316826 | 29957 | CVE-2007-6600 | HP:HPSBTU02325 | View |
| 316827 | 29957 | CVE-2007-6600 | URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 | View |
| 316828 | 29957 | CVE-2007-6600 | HP:SSRT080006 | View |
| 316829 | 29957 | CVE-2007-6600 | URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 | View |
| 316830 | 29957 | CVE-2007-6600 | MANDRIVA:MDVSA-2008:004 | View |
| 316831 | 29957 | CVE-2007-6600 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:004 | View |
| 316832 | 29957 | CVE-2007-6600 | REDHAT:RHSA-2008:0038 | View |
| 316833 | 29957 | CVE-2007-6600 | URL:http://www.redhat.com/support/errata/RHSA-2008-0038.html | View |
| 316834 | 29957 | CVE-2007-6600 | REDHAT:RHSA-2008:0039 | View |
| 316835 | 29957 | CVE-2007-6600 | URL:http://www.redhat.com/support/errata/RHSA-2008-0039.html | View |
| 316836 | 29957 | CVE-2007-6600 | REDHAT:RHSA-2008:0040 | View |
| 316837 | 29957 | CVE-2007-6600 | URL:http://www.redhat.com/support/errata/RHSA-2008-0040.html | View |
| 316838 | 29957 | CVE-2007-6600 | SUNALERT:103197 | View |
| 316839 | 29957 | CVE-2007-6600 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 | View |
| 316840 | 29957 | CVE-2007-6600 | SUNALERT:200559 | View |
| 316841 | 29957 | CVE-2007-6600 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 | View |
| 316842 | 29957 | CVE-2007-6600 | SUSE:SUSE-SA:2008:005 | View |
| 316843 | 29957 | CVE-2007-6600 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html | View |
| 316844 | 29957 | CVE-2007-6600 | UBUNTU:USN-568-1 | View |
| 316845 | 29957 | CVE-2007-6600 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-568-1 | View |
| 316846 | 29957 | CVE-2007-6600 | BID:27163 | View |
| 316847 | 29957 | CVE-2007-6600 | URL:http://www.securityfocus.com/bid/27163 | View |
| 316848 | 29957 | CVE-2007-6600 | OVAL:oval:org.mitre.oval:def:10493 | View |
| 316849 | 29957 | CVE-2007-6600 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10493 | View |
| 316850 | 29957 | CVE-2007-6600 | VUPEN:ADV-2008-0061 | View |
| 316851 | 29957 | CVE-2007-6600 | URL:http://www.vupen.com/english/advisories/2008/0061 | View |
| 316852 | 29957 | CVE-2007-6600 | VUPEN:ADV-2008-0109 | View |
| 316853 | 29957 | CVE-2007-6600 | URL:http://www.vupen.com/english/advisories/2008/0109 | View |
| 316854 | 29957 | CVE-2007-6600 | VUPEN:ADV-2008-1071 | View |
| 316855 | 29957 | CVE-2007-6600 | URL:http://www.vupen.com/english/advisories/2008/1071/references | View |
| 316856 | 29957 | CVE-2007-6600 | SECTRACK:1019157 | View |
| 316857 | 29957 | CVE-2007-6600 | URL:http://securitytracker.com/id?1019157 | View |
| 316858 | 29957 | CVE-2007-6600 | SECUNIA:28359 | View |
| 316859 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28359 | View |
| 316860 | 29957 | CVE-2007-6600 | SECUNIA:28376 | View |
| 316861 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28376 | View |
| 316862 | 29957 | CVE-2007-6600 | SECUNIA:28438 | View |
| 316863 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28438 | View |
| 316864 | 29957 | CVE-2007-6600 | SECUNIA:28445 | View |
| 316865 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28445 | View |
| 316866 | 29957 | CVE-2007-6600 | SECUNIA:28437 | View |
| 316867 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28437 | View |
| 316868 | 29957 | CVE-2007-6600 | SECUNIA:28454 | View |
| 316869 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28454 | View |
| 316870 | 29957 | CVE-2007-6600 | SECUNIA:28464 | View |
| 316871 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28464 | View |
| 316872 | 29957 | CVE-2007-6600 | SECUNIA:28477 | View |
| 316873 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28477 | View |
| 316874 | 29957 | CVE-2007-6600 | SECUNIA:28479 | View |
| 316875 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28479 | View |
| 316876 | 29957 | CVE-2007-6600 | SECUNIA:28455 | View |
| 316877 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28455 | View |
| 316878 | 29957 | CVE-2007-6600 | SECUNIA:28679 | View |
| 316879 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28679 | View |
| 316880 | 29957 | CVE-2007-6600 | SECUNIA:28698 | View |
| 316881 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/28698 | View |
| 316882 | 29957 | CVE-2007-6600 | SECUNIA:29638 | View |
| 316883 | 29957 | CVE-2007-6600 | URL:http://secunia.com/advisories/29638 | View |
| 316884 | 29957 | CVE-2007-6600 | XF:postgresql-indexfunctions-priv-escalation(39496) | View |
Related JVN
| Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 56091 | JVNDB-2007-004783 | NoseRub の app/models/identity.php における SQL インジェクションの脆弱性 | NoseRub の app/models/identity.php には、SQL インジェクションの脆弱性が存在します。 | CVE-2007-6602 | 29957 | 7.5 | http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004783.html | View |
