FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postgresql81-server -- SET ROLE privilege escalation

Affected packages
8.1.0 <= postgresql-server < 8.1.3

Details

VuXML ID 0b2b4b4d-a07c-11da-be0a-000c6ec775d9
Discovery 2006-02-14
Entry 2006-02-18
Modified 2006-08-13

The PostgreSQL team reports:

Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.

[source]

References

CVE Name CVE-2006-0553
URL http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.