• Tenable
  • CVEs
  • Settings
    Links
    Tenable.io Tenable Community & Support Tenable University
    Severity
    Theme
  • Tenable
  • Links
  • Tenable.io
  • Tenable Community & Support
  • Tenable University
  • Settings
  • Severity
  • Theme
  • Newest
  • Updated
  • Search
  • Newest
  • Updated
  • Search
  1. CVEs
  2. CVE-2010-1975
  1. CVEs

CVE-2010-1975

medium
  • Information
  • CPEs
  • Plugins

Description

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

References

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://marc.info/?l=bugtraq&m=134124585221119&w=2

http://secunia.com/advisories/39939

http://www.debian.org/security/2010/dsa-2051

http://www.mandriva.com/security/advisories?name=MDVSA-2010:103

http://www.postgresql.org/docs/current/static/release-7-4-29.html

http://www.postgresql.org/docs/current/static/release-8-0-25.html

http://www.postgresql.org/docs/current/static/release-8-1-21.html

http://www.postgresql.org/docs/current/static/release-8-2-17.html

http://www.postgresql.org/docs/current/static/release-8-3-11.html

http://www.postgresql.org/docs/current/static/release-8-4-4.html

http://www.securityfocus.com/bid/40304

http://www.vupen.com/english/advisories/2010/1207

http://www.vupen.com/english/advisories/2010/1221

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004

Details

Source: MITRE

Published: 2010-05-19

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8

Severity: MEDIUM

  • Tenable.com
  • Community & Support
  • Documentation
  • Education
  • © 2022 Tenable®, Inc. All Rights Reserved
  • Privacy Policy
  • Legal
  • 508 Compliance