CVE-2010-1975

medium

Description

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004

http://www.vupen.com/english/advisories/2010/1221

http://www.vupen.com/english/advisories/2010/1207

http://www.securityfocus.com/bid/40304

http://www.postgresql.org/docs/current/static/release-8-4-4.html

http://www.postgresql.org/docs/current/static/release-8-3-11.html

http://www.postgresql.org/docs/current/static/release-8-2-17.html

http://www.postgresql.org/docs/current/static/release-8-1-21.html

http://www.postgresql.org/docs/current/static/release-8-0-25.html

http://www.postgresql.org/docs/current/static/release-7-4-29.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:103

http://www.debian.org/security/2010/dsa-2051

http://secunia.com/advisories/39939

http://marc.info/?l=bugtraq&m=134124585221119&w=2

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Details

Source: Mitre, NVD

Published: 2010-05-19

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00281