Home > Vulnerability Database > CVE-2009-3230

Mend.io Vulnerability Database

CVE-2009-3230

Good to know:

Date: September 17, 2009

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

Language: C

Severity Score

6.3

Related Resources (26)

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-3230

Url: http://secunia.com/advisories/36837

Url: https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html

Url: http://www.postgresql.org/docs/8.3/static/release-8-3-8.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3230

Url: http://secunia.com/advisories/36695

Url: http://marc.info/?l=bugtraq&m=134124585221119&w=2

Url: http://www.postgresql.org/support/security.html

Url: https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

Url: http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012

Url: http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php

Url: https://access.redhat.com/security/cve/CVE-2009-3230

Url: http://secunia.com/advisories/36800

Url: http://www.us.debian.org/security/2009/dsa-1900

Url: http://secunia.com/advisories/36727

Url: https://bugzilla.redhat.com/show_bug.cgi?id=522085

Url: http://secunia.com/advisories/36660

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1

Url: http://www.securityfocus.com/bid/36314

Url: http://www.ubuntu.com/usn/usn-834-1

Url: http://www.vupen.com/english/advisories/2009/2602

Url: http://www.securityfocus.com/archive/1/509917/100/0/threaded

Url: https://www.mend.io/vulnerability-database/CVE-2009-3230

Severity Score

6.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Top Fix

Upgrade Version

Upgrade to version 8.4.1,8.3.8,8.2.14,8.1.18,8.0.22,7.4.26

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-3230

Good to know:

Date: September 17, 2009

Language: C

Severity Score

Related Resources (26)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?