-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] OpenPKG-SA-2006.004 19-Feb-2006 ________________________________________________________________________ Package: postgresql Vulnerability: privilege escalation OpenPKG Specific: no Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT <= postgresql-8.1.2-20060211 >= postgresql-8.1.3-20060213 OpenPKG 2.5 <= postgresql-8.0.4-2.5.0 >= postgresql-8.0.4-2.5.1 OpenPKG 2.4 <= postgresql-8.0.3-2.4.0 >= postgresql-8.0.3-2.4.1 OpenPKG 2.3 <= postgresql-8.0.1-2.3.1 >= postgresql-8.0.1-2.3.2 Description: According to vendor security information [0], privilege escalation vulnerabilitiesd exist in the PostgreSQL RDBMS [1] before version 8.1.3. The bug allowed any logged-in user to "SET ROLE" to any other database user id. Due to inadequate validity checking, a user could exploit the special case that "SET ROLE" normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-0553 [2] to the problem. The escalation of privilege risk exists only in versions 8.1.0 to 8.1.2. However, in all versions back to 7.3 there is a related bug in "SET SESSION AUTHORIZATION" that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled (which is not the default). ________________________________________________________________________ References: [0] http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3 [1] http://www.postgresql.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0553 ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <[EMAIL PROTECTED]> iD8DBQFD+FhfgHWT4GPEy58RAoF3AKCrvXGfM2EhKrayDMuaTG3DLGL4fQCgyyl/ +1Qgcz5MZhew1F+8KGz0C1Q= =5J9V -----END PGP SIGNATURE-----