PT-2008-1572 · Postgresql+1
Published 2008-01-09 · Updated 2024-06-15 · CVE-2007-6600
CVSS v2.0: 6.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 7.3 through 7.3.20
PostgreSQL versions 7.4 through 7.4.18
PostgreSQL versions 8.0 through 8.0.14
PostgreSQL versions 8.1 through 8.1.10
PostgreSQL versions 8.2 through 8.2.5
Description
The affected versions use superuser privileges instead of table owner privileges for VACUUM and ANALYZE operations within index functions, and they support SET ROLE and SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. In addition, flaws in how ANALYZE executes user-defined functions that are part of expression indexes can allow a user to gain superuser privileges; exploitation requires a valid login with permission to create functions and tables.
Recommendations
For PostgreSQL versions 7.3 through 7.3.20, update to version 7.3.21 or later.
For PostgreSQL versions 7.4 through 7.4.18, update to version 7.4.19 or later.
For PostgreSQL versions 8.0 through 8.0.14, update to version 8.0.15 or later.
For PostgreSQL versions 8.1 through 8.1.10, update to version 8.1.11 or later.
For PostgreSQL versions 8.2 through 8.2.5, update to version 8.2.6 or later.
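To review which indexes on a server rely on user-defined functions (the code that VACUUM and ANALYZE end up executing), the following audit query is an added example, not part of the original advisory. It assumes a server with the `pg_roles` catalog view (PostgreSQL 8.1 or later) and a role allowed to read the system catalogs; the output column aliases are chosen here for illustration.

```sql
-- Added audit query (not from the advisory).
-- Lists every index whose expressions or partial-index predicate depend on
-- a user-defined function, together with the owners involved. Rows where the
-- function owner is not a superuser are the ones to review first, because
-- that function body is controlled by an ordinary role.
-- Assumption: pg_roles exists (PostgreSQL 8.1+). Run once per database.
SELECT
    n.nspname             AS table_schema,
    t.relname             AS table_name,
    i.relname             AS index_name,
    tbl_owner.rolname     AS table_owner,
    p.oid::regprocedure   AS index_function,
    fn_owner.rolname      AS function_owner,
    fn_owner.rolsuper     AS function_owner_is_superuser
FROM pg_index x
JOIN pg_class     i         ON i.oid = x.indexrelid
JOIN pg_class     t         ON t.oid = x.indrelid
JOIN pg_namespace n         ON n.oid = t.relnamespace
JOIN pg_roles     tbl_owner ON tbl_owner.oid = t.relowner
-- pg_depend records the functions an index definition references.
JOIN pg_depend    d         ON d.classid    = 'pg_class'::regclass
                           AND d.objid      = x.indexrelid
                           AND d.refclassid = 'pg_proc'::regclass
JOIN pg_proc      p         ON p.oid = d.refobjid
JOIN pg_namespace pn        ON pn.oid = p.pronamespace
JOIN pg_roles     fn_owner  ON fn_owner.oid = p.proowner
WHERE (x.indexprs IS NOT NULL OR x.indpred IS NOT NULL)
  -- Skip built-in functions; only user-defined code is of interest here.
  AND pn.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY function_owner_is_superuser, table_schema, table_name, index_name;
```

Compare the result with the output of `SELECT version();` against the affected ranges listed above.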
Affected Products
Postgresql
Red Hat