CVE-2007-6600 · threatengine.sh

Home/CVE/PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superus

CVE

CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superus

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

MEDIUM · CVSS 6.5 EPSS 0.00809

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

▤

Affected Products & Versions

1

postgresqlall versions

▣

Scoring & Timeline

6.5

MEDIUM · CVSS v2 (legacy) · cve@mitre.org

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Published to NVD09 Jan 2008 · 09:46 PM

⚑

Vendor Advisories

13

suse-csafopenSUSE-SU-2024:10030-1
suse-csafopenSUSE-SU-2024:10256-1
suse-csafopenSUSE-SU-2024:10273-1
rhsaRHSA-2010:0429Moderate
rhsaRHSA-2010:0428Moderate
Show all 13 vendor advisoriesrhsaRHSA-2010:0427Moderate
rhsaRHSA-2009:1461Important
rhsaRHSA-2009:1485Moderate
rhsaRHSA-2009:1484Moderate
usnUSN-568-1
rhsaRHSA-2008:0038Moderate
rhsaRHSA-2008:0040Moderate
rhsaRHSA-2008:0039Moderate

🔗

References & Sources

38

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

http://secunia.com/advisories/28359Vendor Advisory

http://secunia.com/advisories/28376Vendor Advisory

http://secunia.com/advisories/28437Vendor Advisory

http://secunia.com/advisories/28438Vendor Advisory

Show all 38 references

http://secunia.com/advisories/28445Vendor Advisory

http://secunia.com/advisories/28454Vendor Advisory

http://secunia.com/advisories/28455Vendor Advisory

http://secunia.com/advisories/28464Vendor Advisory

http://secunia.com/advisories/28477Vendor Advisory

http://secunia.com/advisories/28479Vendor Advisory

http://secunia.com/advisories/28679Vendor Advisory

http://secunia.com/advisories/28698Vendor Advisory

http://secunia.com/advisories/29638Vendor Advisory

http://security.gentoo.org/glsa/glsa-200801-15.xml

http://securitytracker.com/id?1019157

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

http://www.debian.org/security/2008/dsa-1460

http://www.debian.org/security/2008/dsa-1463

http://www.mandriva.com/security/advisories?name=MDVSA-2008:004

http://www.postgresql.org/about/news.905PatchVendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0038.html

http://www.redhat.com/support/errata/RHSA-2008-0039.html

http://www.redhat.com/support/errata/RHSA-2008-0040.html

http://www.securityfocus.com/archive/1/485864/100/0/threaded

http://www.securityfocus.com/archive/1/486407/100/0/threaded

http://www.securityfocus.com/bid/27163Patch

http://www.vupen.com/english/advisories/2008/0061

http://www.vupen.com/english/advisories/2008/0109

http://www.vupen.com/english/advisories/2008/1071/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/39496

https://issues.rpath.com/browse/RPL-1768

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493

https://usn.ubuntu.com/568-1/

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin