CVE-2007-6600

Published: 09 January 2008

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Priority

Unknown

Status

Package Release Status
postgresql-8.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

postgresql-8.2
Launchpad, Ubuntu, Debian
Upstream Needs triage