Home > Vulnerability Database > CVE-2007-6600

Mend.io Vulnerability Database

CVE-2007-6600

Date: January 9, 2008

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Severity Score

6.3

Related Resources (42)

Url: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

Url: http://www.vupen.com/english/advisories/2008/1071/references

Url: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

Url: https://access.redhat.com/security/cve/CVE-2007-6600

Url: http://www.debian.org/security/2008/dsa-1460

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6600

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

Url: http://www.vupen.com/english/advisories/2008/0061

Url: http://security.gentoo.org/glsa/glsa-200801-15.xml

Url: http://secunia.com/advisories/29638

Url: http://securitytracker.com/id?1019157

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-6600

Url: http://www.redhat.com/support/errata/RHSA-2008-0039.html

Url: http://www.debian.org/security/2008/dsa-1463

Url: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0040.html

Url: http://secunia.com/advisories/28464

Url: http://www.securityfocus.com/bid/27163

Url: http://secunia.com/advisories/28445

Url: http://www.redhat.com/support/errata/RHSA-2008-0038.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10493

Url: http://www.securityfocus.com/archive/1/486407/100/0/threaded

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/39496

Url: http://www.vupen.com/english/advisories/2008/0109

Url: http://www.postgresql.org/about/news.905

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:004

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

Url: http://www.securityfocus.com/archive/1/485864/100/0/threaded

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

Url: https://usn.ubuntu.com/568-1/

Url: https://issues.rpath.com/browse/RPL-1768

Url: http://secunia.com/advisories/28479

Url: http://secunia.com/advisories/28359

Url: http://secunia.com/advisories/28679

Url: http://secunia.com/advisories/28437

Url: http://secunia.com/advisories/28438

Url: http://secunia.com/advisories/28376

Url: http://secunia.com/advisories/28454

Url: http://secunia.com/advisories/28455

Url: http://secunia.com/advisories/28477

Url: http://secunia.com/advisories/28698

Url: https://www.mend.io/vulnerability-database/CVE-2007-6600

Severity Score

6.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-6600

Date: January 9, 2008

Severity Score

Related Resources (42)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?