{"vuid":"VU#567452","idnumber":"567452","name":"PostgreSQL database privilege escalation vulnerability","keywords":["PostgreSQL","privilege escalation","input validation error","SET ROLE command"],"overview":"PostgreSQL fails to properly recover from errors. This may allow an authenticated attacker to gain elevated privileges on a PostgreSQL database.","clean_desc":"PostgreSQL Database PostgreSQL is an open source database management system. The Problem There is a vulnerability in the way that PostgreSQL recovers from errors. According to the release notes for PostgreSQL 8.1.3: Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example. Considerations This issue only exists in PostgreSQL versions 8.1.0 to 8.1.2. An attacker must have valid credentials to exploit this vulnerability.","impact":"An authenticated attacker may be able to gain elevated privileges on a PostgreSQL database.","resolution":"Upgrade\nThis issue has been corrected in PostgreSQL version 8.1.3.","workarounds":"","sysaffected":"","thanks":"This issue was reported in the \nrelease notes\n for PostgreSQL 8.1.3. PostgreSQL credits \nAkio Ishida with providing information regarding this issue.","author":"This document was written by Jeff Gennari.","public":["http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3","http://archives.postgresql.org/pgsql-announce/2006-02/msg00008.php","http://www.postgresql.org/docs/8.1/static/release-7-3-14.html","http://www.postgresql.org/docs/8.1/static/release-7-4-12.html","http://www.postgresql.org/docs/8.1/static/release-8-0-7.html","http://secunia.com/advisories/18890/"],"cveids":["CVE-2006-0553"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-02-22T15:35:10Z","publicdate":"2006-02-14T00:00:00Z","datefirstpublished":"2006-02-27T15:43:27Z","dateupdated":"2006-05-17T12:27:13Z","revision":18,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"9","cam_impact":"20","cam_easeofexploitation":"6","cam_attackeraccessrequired":"7","cam_scorecurrent":"2.5515","cam_scorecurrentwidelyknown":"3.26025","cam_scorecurrentwidelyknownexploited":"6.09525","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.5515,"vulnote":null}