PT-2014-3462 · Postgresql+1 · Postgresql+1

Published: 2014-03-28 · Updated: 2024-06-15 · CVE-2014-0067

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions 9.3.3 and earlier

Description

The issue allows local users to gain privileges by leveraging access to a database cluster used for test suites. This is due to the "make check" command not properly invoking initdb to specify authentication requirements for the cluster. Unauthenticated users may gain access to the database server during the "make check" process.

Recommendations

For PostgreSQL versions 9.3.3 and earlier, consider restricting access to the database cluster used for test suites until a proper fix is applied. As a temporary workaround, ensure that only authorized users have access to the "make check" command to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2014-0067
DLA-0019-1
DSA-2864-1
DSA-2865-1
MGASA-2014-0205
MGASA-2014-0222
OPENSUSE-SU-2024:10030-1
OPENSUSE-SU-2024:10256-1
OPENSUSE-SU-2024:10273-1

Affected Products

Postgresql
Suse