PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability Network Vulnerability

Summary

PostgreSQL is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to reset special parameter settings only a root user should be able to modify. This may aid in further attacks. This issue affects versions prior to the following PostgreSQL versions: 7.4.29, 8.0.25 8.1.21, 8.2.17 8.3.11 8.4.4

Solution

Updates are available. Please see the references for more information.

References

http://www.postgresql.org/
http://www.postgresql.org/docs/current/static/release-7-4-29.html
http://www.postgresql.org/docs/current/static/release-8-0-25.html
http://www.postgresql.org/docs/current/static/release-8-1-21.html
http://www.postgresql.org/docs/current/static/release-8-2-17.html
http://www.postgresql.org/docs/current/static/release-8-3-11.html
http://www.postgresql.org/docs/current/static/release-8-4-4.html
http://www.securityfocus.com/bid/40304

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1975

CVSS	Base Score: 5.5 AV:N/AC:L/Au:S/C:P/I:P/A:N

Related Vulnerabilities

MySQL Unspecified vulnerabilities-03 July-2013 (Windows)
MySQL Multiple Denial of Service Vulnerabilities
Oracle MySQL Multiple Unspecified vulnerabilities-03 July14 (Windows)
IBM DB2 XSLT Library Denial of Service Vulnerability
PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability

Take action and discover your vulnerabilities