PT-2006-1617 · Postgresql · Postgresql

Akio Ishida · Published 2006-02-14 · Updated 2018-10-19 · CVE-2006-0553

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.1.0 through 8.1.2
Description: The issue allows authenticated database users to gain additional privileges via knowledge of the backend protocol, by issuing a crafted SET ROLE targeting other database users. It stems from a bug in the handling of SET ROLE that lets a user switch to any other database role, including superuser, rather than only to roles of which the user is a member. A valid login is required to exploit this issue.
Recommendations: For PostgreSQL versions 8.1.0 through 8.1.2, consider restricting the use of the SET ROLE command until a patch is available, to prevent privilege escalation. As a temporary workaround, limit the privileges of authenticated database users to minimize the risk of exploitation.
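The queries below are an added example, not part of the advisory or of the PostgreSQL project. They show what a DBA would check before applying the recommendations: whether the server is in the affected version range, which roles are superusers or can log in, and the role-membership graph that defines which SET ROLE switches are legitimate. They read only pg_catalog tables and assume a connection (for example via psql) as a user allowed to read those catalogs.

```sql
-- Added audit queries (not from the advisory). Read-only: only system catalogs are touched.

-- 1. Is this server in the affected range 8.1.0 through 8.1.2?
--    server_version is a text setting, so the affected versions are listed
--    explicitly instead of being compared as numbers.
SELECT current_setting('server_version') AS server_version,
       current_setting('server_version') IN ('8.1.0', '8.1.1', '8.1.2')
           AS in_affected_range;

-- 2. Which roles exist, which are superusers, and which can log in?
--    Superusers that can log in are the highest-value targets of a role switch.
SELECT rolname, rolsuper, rolcanlogin
FROM   pg_catalog.pg_roles
ORDER  BY rolsuper DESC, rolname;

-- 3. Role memberships, one row per (member -> granted role) edge.
--    On a correctly behaving server SET ROLE is only permitted along these
--    edges, so this list is the baseline for judging observed SET ROLE use
--    and the list to prune when "limiting the privileges" of login users.
SELECT m.rolname        AS member,
       r.rolname        AS granted_role,
       r.rolsuper       AS grants_superuser,
       am.admin_option
FROM   pg_catalog.pg_auth_members am
JOIN   pg_catalog.pg_roles r ON r.oid = am.roleid
JOIN   pg_catalog.pg_roles m ON m.oid = am.member
ORDER  BY r.rolsuper DESC, member;
```

Any member row whose granted_role is a superuser deserves review, since such a membership already hands out superuser through a legitimate SET ROLE. For visibility while the workaround is in place, setting log_statement = 'all' in postgresql.conf records every SET ROLE statement in the server log, where a switch not backed by an edge from query 3 stands out.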

Fix


Weakness Enumeration

Related Identifiers

CVE-2006-0553

Affected Products

Postgresql