PT-2010-3596 · Postgresql+1
Published: 2010-05-19 · Updated: 2017-09-19
CVE-2010-1975
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 7.4 through 7.4.28
PostgreSQL versions 8.0 through 8.0.24
PostgreSQL versions 8.1 through 8.1.20
PostgreSQL versions 8.2 through 8.2.16
PostgreSQL versions 8.3 through 8.3.10
PostgreSQL versions 8.4 through 8.4.3
Description
The issue allows remote authenticated users to remove arbitrary parameter settings via certain statements, effectively bypassing settings that should be enforced. An unprivileged database user can exploit this to remove superuser-only settings applied to their account, which were set by a superuser using ALTER USER.
Recommendations
For PostgreSQL versions 7.4 through 7.4.28, update to version 7.4.29 or later.
For PostgreSQL versions 8.0 through 8.0.24, update to version 8.0.25 or later.
For PostgreSQL versions 8.1 through 8.1.20, update to version 8.1.21 or later.
For PostgreSQL versions 8.2 through 8.2.16, update to version 8.2.17 or later.
For PostgreSQL versions 8.3 through 8.3.10, update to version 8.3.11 or later.
For PostgreSQL versions 8.4 through 8.4.3, update to version 8.4.4 or later.
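To apply the lists above to a server inventory, the following added example (not part of the advisory) classifies a version string or `version()` banner against the affected ranges and reports the first fixed release for that branch. The function names, status labels and sample inventory are assumptions made for illustration.

```python
import re

# Affected branch -> (last affected release, first fixed release), copied from
# the advisory's affected-version and recommendation lists.
BRANCHES = {
    (7, 4): (28, 29),
    (8, 0): (24, 25),
    (8, 1): (20, 21),
    (8, 2): (16, 17),
    (8, 3): (10, 11),
    (8, 4): (3, 4),
}

# Accepts a bare version ("8.3.7", "8.4") or a full version() banner.
_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def triage(version_text):
    """Return (status, first_fixed_version_or_None) for one version string."""
    m = _VERSION_RE.search(version_text)
    if not m:
        return ("unparsed", None)
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)  # "8.4" means 8.4.0
    branch = BRANCHES.get((major, minor))
    if branch is None:
        return ("not-listed", None)  # branch is outside this advisory's lists
    last_affected, first_fixed = branch
    if patch <= last_affected:
        return ("affected", f"{major}.{minor}.{first_fixed}")
    return ("fixed", None)


def triage_inventory(inventory):
    """Apply triage() to a {host: version string} mapping."""
    return {host: triage(text) for host, text in inventory.items()}


# Constructed sample inventory; hosts and banners are made up for illustration.
SAMPLE = {
    "db-a": "PostgreSQL 8.3.7 on x86_64-pc-linux-gnu, compiled by GCC 4.1.2",
    "db-b": "8.4.4",
    "db-c": "7.4.28",
    "db-d": "9.0.1",
}

if __name__ == "__main__":
    for host, (status, fix) in sorted(triage_inventory(SAMPLE).items()):
        print(host, status, f"update to {fix} or later" if fix else "")
```

A `not-listed` result only means the branch does not appear in this advisory's lists; it says nothing about whether that release is affected.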
Affected Products
Postgresql
Red Hat