PT-2009-5546 · Postgresql+1 · Postgresql+1

Tomas Hoger · Published 2009-09-17 · Updated 2018-10-10 · CVE-2009-3230

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 7.4 through 7.4.25
PostgreSQL versions 8.0 through 8.0.21
PostgreSQL versions 8.1 through 8.1.17
PostgreSQL versions 8.2 through 8.2.13
PostgreSQL versions 8.3 through 8.3.7
PostgreSQL versions 8.4 through 8.4.0

Description

The core server component in PostgreSQL does not use the appropriate privileges for the RESET ROLE and RESET SESSION AUTHORIZATION operations, allowing remote authenticated users to gain privileges. This issue is due to an incomplete fix for a previous problem.

Recommendations

For PostgreSQL versions 7.4 through 7.4.25, update to version 7.4.26 or later.
For PostgreSQL versions 8.0 through 8.0.21, update to version 8.0.22 or later.
For PostgreSQL versions 8.1 through 8.1.17, update to version 8.1.18 or later.
For PostgreSQL versions 8.2 through 8.2.13, update to version 8.2.14 or later.
For PostgreSQL versions 8.3 through 8.3.7, update to version 8.3.8 or later.
For PostgreSQL versions 8.4 through 8.4.0, update to version 8.4.1 or later.

Related Identifiers

CVE-2009-3230
DSA-1900-1
RHSA-2009:1461
RHSA-2009:1484
RHSA-2009:1485
RHSA-2009_1484

Affected Products

Postgresql
Red Hat