CVE-2009-3230 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3230 Interim 1 9 2022-10-15T18:14:44Z current 2021-05-30T12:48:24Z 2022-10-15T18:14:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3230 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html E-Mail link for SUSE-SR:2009:016 https://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html E-Mail link for SUSE-SR:2009:017 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 postgresql-8.3.8-0.1.1 postgresql-contrib-8.3.8-0.1.1 postgresql-docs-8.3.8-0.1.1 postgresql-libs-32bit-8.3.8-0.1.1 postgresql-libs-8.3.8-0.1.1 postgresql-libs-x86-8.3.8-0.1.1 postgresql-server-8.3.8-0.1.1 postgresql-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server 11 postgresql-contrib-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server 11 postgresql-docs-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server 11 postgresql-libs-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server 11 postgresql-libs-32bit-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server 11 postgresql-libs-x86-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server 11 postgresql-server-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server 11 postgresql-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 postgresql-contrib-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 postgresql-docs-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 postgresql-libs-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 postgresql-libs-32bit-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 postgresql-libs-x86-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 postgresql-server-8.3.8-0.1.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. CVE-2009-3230 SUSE Linux Enterprise Server 11:postgresql-8.3.8-0.1.1 SUSE Linux Enterprise Server 11:postgresql-contrib-8.3.8-0.1.1 SUSE Linux Enterprise Server 11:postgresql-docs-8.3.8-0.1.1 SUSE Linux Enterprise Server 11:postgresql-libs-8.3.8-0.1.1 SUSE Linux Enterprise Server 11:postgresql-libs-32bit-8.3.8-0.1.1 SUSE Linux Enterprise Server 11:postgresql-libs-x86-8.3.8-0.1.1 SUSE Linux Enterprise Server 11:postgresql-server-8.3.8-0.1.1 SUSE Linux Enterprise Server for SAP Applications 11:postgresql-8.3.8-0.1.1 SUSE Linux Enterprise Server for SAP Applications 11:postgresql-contrib-8.3.8-0.1.1 SUSE Linux Enterprise Server for SAP Applications 11:postgresql-docs-8.3.8-0.1.1 SUSE Linux Enterprise Server for SAP Applications 11:postgresql-libs-8.3.8-0.1.1 SUSE Linux Enterprise Server for SAP Applications 11:postgresql-libs-32bit-8.3.8-0.1.1 SUSE Linux Enterprise Server for SAP Applications 11:postgresql-libs-x86-8.3.8-0.1.1 SUSE Linux Enterprise Server for SAP Applications 11:postgresql-server-8.3.8-0.1.1 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P