{"vuid":"VU#891177","idnumber":"891177","name":"PostgreSQL VACUUM command allows unprivileged user to remove database transaction log data","keywords":["PostgreSQL","pg_clog","log transaction file","VACUUM command"],"overview":"The PostgreSQL VACUUM command contains a vulnerability that allows an unprivileged user to remove database transaction log data. This may result in unrecoverable data loss.","clean_desc":"PostgreSQL is a database management system. The PostgreSQL VACUUM command is used to clean out records from rolled back transactions and update statistics in the system catalog. There is a flaw in the PostgreSQL VACUUM command that could allow an unprivileged user to remove database transaction log data prematurely.","impact":"An attacker could remove database transaction log data. The premature removal of transaction logs may result in unrecoverable data loss.","resolution":"Upgrade This issue was fixed in version 7.2.3 of PostgreSQL.","workarounds":"","sysaffected":"","thanks":"Thanks to Red Hat for the information contained in their security advisory.","author":"This document was written by Damon Morda.","public":["http://www.postgresql.org","https://rhn.redhat.com/errata/RHSA-2003-001.html","http://www.postgresql.org/docs/6.5/interactive/sql-vacuum-1.htm"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-01-24T20:50:19Z","publicdate":"2002-10-01T00:00:00Z","datefirstpublished":"2004-01-15T17:33:14Z","dateupdated":"2004-01-15T18:30:34Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"10","cam_scorecurrent":"3.75","cam_scorecurrentwidelyknown":"4.5","cam_scorecurrentwidelyknownexploited":"7.5","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.75,"vulnote":null}