Description

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Remediation

References

CVE-2007-6600

Related Vulnerabilities

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9515)

WordPress Plugin EWWW Image Optimizer Cross-Site Scripting (2.0.1)

Oracle HTTP Server CVE-2021-35666 Vulnerability (CVE-2021-35666)

WordPress Plugin DX Share Selection Cross-Site Request Forgery (1.4)

WordPress Plugin Meteor Slides Cross-Site Scripting (1.5.6)

Severity

Medium

Classification

CVE-2007-6600 CWE-264

Tags

Missing Update Known Vulnerabilities