CVE-2007-6600

Name: CVE-2007-6600
Description: PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1460-1, DSA-1463-1
NVD severity: medium (attack range: remote)
Debian/oldstable: not known to be vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

The information above is based on the following data on fixed versions.

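| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| postgresql | source | sarge | (unfixed) | medium | | |
| postgresql-7.4 | source | etch | 7.4.19-0etch1 | medium | DSA-1463-1 | |
| postgresql-8.1 | source | (unstable) | 8.1.11-1 | medium | | |
| postgresql-8.1 | source | etch | 8.1.11-0etch1 | medium | DSA-1460-1 | |
| postgresql-8.2 | source | (unstable) | 8.2.6-1 | medium | | |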
