exploitDog
CVE-2010-1975

Published: 17 May 2010
Source: redhat
CVSS2: 4.9
EPSS: Low

Description

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

Report

This issue has been addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0428.html

This issue has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0429.html and https://rhn.redhat.com/errata/RHSA-2010-0430.html

There is no plan to address this issue in the PostgreSQL packages as shipped with Red Hat Enterprise Linux 3.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 3 | rh-postgresql | Affected | | |
| Red Hat Enterprise Linux 4 | postgresql | Fixed | RHSA-2010:0428 | 19.05.2010 |
| Red Hat Enterprise Linux 5 | postgresql | Fixed | RHSA-2010:0429 | 19.05.2010 |
| Red Hat Enterprise Linux 5 | postgresql84 | Fixed | RHSA-2010:0430 | 19.05.2010 |

Additional information

Status:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=593870
postgresql: improper privilege check during certain RESET ALL operations

EPSS

Percentile: 51%
0.00277
Low

4.9 Medium

CVSS2

Related vulnerabilities

ubuntu
about 15 years ago

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

nvd
about 15 years ago

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

debian
about 15 years ago

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8. ...

github
about 3 years ago

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

oracle-oval
about 15 years ago

ELSA-2010-0430: postgresql84 security update (MODERATE)