Detections
Analytics
CVE-2010-1975
critical
Description
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004
http://www.vupen.com/english/advisories/2010/1221
http://www.vupen.com/english/advisories/2010/1207
http://www.securityfocus.com/bid/40304
http://www.postgresql.org/docs/current/static/release-8-4-4.html
http://www.postgresql.org/docs/current/static/release-8-3-11.html
http://www.postgresql.org/docs/current/static/release-8-2-17.html
http://www.postgresql.org/docs/current/static/release-8-1-21.html
http://www.postgresql.org/docs/current/static/release-8-0-25.html
http://www.postgresql.org/docs/current/static/release-7-4-29.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
http://www.debian.org/security/2010/dsa-2051
http://secunia.com/advisories/39939
http://marc.info/?l=bugtraq&m=134124585221119&w=2
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html