FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postgresql81-server -- SET ROLE privilege escalation

Affected packages
8.1.0 <= postgresql-server < 8.1.3

Details

VuXML ID 0b2b4b4d-a07c-11da-be0a-000c6ec775d9
Discovery 2006-02-14
Entry 2006-02-18
Modified 2006-08-13

The PostgreSQL team reports:

Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.

References

CVE Name CVE-2006-0553
URL http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-3