CVE-2009-4136

MEDIUM

Description

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

References

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html

http://marc.info/?l=bugtraq&m=134124585221119&w=2

http://osvdb.org/61039

http://secunia.com/advisories/37663

http://secunia.com/advisories/39820

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012

http://www.mandriva.com/security/advisories?name=MDVSA-2009:333

http://www.postgresql.org/docs/current/static/release-7-4-27.html

http://www.postgresql.org/docs/current/static/release-8-0-23.html

http://www.postgresql.org/docs/current/static/release-8-1-19.html

http://www.postgresql.org/docs/current/static/release-8-2-15.html

http://www.postgresql.org/docs/current/static/release-8-3-9.html

http://www.postgresql.org/docs/current/static/release-8-4-2.html

http://www.postgresql.org/support/security.html

http://www.redhat.com/support/errata/RHSA-2010-0427.html

http://www.redhat.com/support/errata/RHSA-2010-0428.html

http://www.redhat.com/support/errata/RHSA-2010-0429.html

http://www.securityfocus.com/archive/1/509917/100/0/threaded

http://www.securityfocus.com/bid/37333

http://www.securitytracker.com/id?1023326

http://www.vupen.com/english/advisories/2009/3519

http://www.vupen.com/english/advisories/2010/1197

https://bugzilla.redhat.com/show_bug.cgi?id=546321

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html

Details

Source: MITRE

Published: 2009-12-15

Updated: 2018-10-10

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.19:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.20:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.21:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.22:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.23:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.24:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.25:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:7.4.26:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.15:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.16:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.17:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.18:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.19:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.20:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.21:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.0.22:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.15:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.16:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.17:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.1.18:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.9:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.10:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.11:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.13:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.2.14:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*

cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
68044Oracle Linux 5 : postgresql (ELSA-2010-0429)NessusOracle Linux Local Security Checks
high
68043Oracle Linux 4 : postgresql (ELSA-2010-0428)NessusOracle Linux Local Security Checks
high
68042Oracle Linux 3 : postgresql (ELSA-2010-0427)NessusOracle Linux Local Security Checks
high
63348PostgreSQL 7.4 < 7.4.27 / 8.0 < 8.0.23 / 8.1 < 8.1.19 / 8.2 < 8.2.15 / 8.3 < 8.3.9 / 8.4 < 8.4.2 Multiple VulnerabilitiesNessusDatabases
medium
60795Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
56626GLSA-201110-22 : PostgreSQL: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
52689SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)NessusSuSE Local Security Checks
medium
49920SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)NessusSuSE Local Security Checks
medium
46761CentOS 5 : postgresql (CESA-2010:0429)NessusCentOS Local Security Checks
high
46696CentOS 4 : postgresql (CESA-2010:0428)NessusCentOS Local Security Checks
high
46695CentOS 3 : postgresql (CESA-2010:0427)NessusCentOS Local Security Checks
high
46683RHEL 5 : postgresql (RHSA-2010:0429)NessusRed Hat Local Security Checks
high
46682RHEL 4 : postgresql (RHSA-2010:0428)NessusRed Hat Local Security Checks
high
46681RHEL 3 : postgresql (RHSA-2010:0427)NessusRed Hat Local Security Checks
high
44829Debian DSA-1964-1 : postgresql-7.4, postgresql-8.1, postgresql-8.3 - several vulnerabilitiesNessusDebian Local Security Checks
medium
44056SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)NessusSuSE Local Security Checks
medium
44055SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)NessusSuSE Local Security Checks
medium
44054openSUSE Security Update : postgresql (postgresql-1773)NessusSuSE Local Security Checks
medium
44052openSUSE Security Update : postgresql (postgresql-1773)NessusSuSE Local Security Checks
medium
44051openSUSE Security Update : postgresql (postgresql-1773)NessusSuSE Local Security Checks
medium
44050SuSE9 Security Update : PostgreSQL (YOU Patch Number 12571)NessusSuSE Local Security Checks
medium
43622Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities (USN-876-1)NessusUbuntu Local Security Checks
medium
43340Fedora 12 : postgresql-8.4.2-1.fc12 (2009-13381)NessusFedora Local Security Checks
medium
43337Fedora 11 : postgresql-8.3.9-1.fc11 (2009-13363)NessusFedora Local Security Checks
medium
43177FreeBSD : postgresql -- multiple vulnerabilities (e7bc5600-eaa0-11de-bd9c-00215c6a37bb)NessusFreeBSD Local Security Checks
medium
43167Mandriva Linux Security Advisory : postgresql (MDVSA-2009:333)NessusMandriva Local Security Checks
medium
5261PostgreSQL < 8.4.2 / 8.3.9 / 8.2.15 / 8.1.19 / 8.0.23 / 7.4.27 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium