CVE-2012-0866
postgresql: Absent permission checks on trigger function to be called when creating a trigger
Public Exploits: 0
Exploited in Wild: -
Descriptions
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
SSVC
- Decision:-
Timeline
- 2012-01-19 CVE Reserved
- 2012-02-28 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (17)
URL | Tag | Source |
---|---|---|
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | X_refsource_confirm | |
http://secunia.com/advisories/49272 | Third Party Advisory | |
http://secunia.com/advisories/49273 | Third Party Advisory | |
http://www.postgresql.org/docs/8.3/static/release-8-3-18.html | X_refsource_confirm | |
http://www.postgresql.org/docs/8.4/static/release-8-4-11.html | X_refsource_confirm | |
http://www.postgresql.org/docs/9.0/static/release-9-0-7.html | X_refsource_confirm | |
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html | X_refsource_confirm |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Postgresql | Postgresql | 8.3 | - | Affected |
Postgresql | Postgresql | 8.3.1 | - | Affected |
Postgresql | Postgresql | 8.3.2 | - | Affected |
Postgresql | Postgresql | 8.3.3 | - | Affected |
Postgresql | Postgresql | 8.3.4 | - | Affected |
Postgresql | Postgresql | 8.3.5 | - | Affected |
Postgresql | Postgresql | 8.3.6 | - | Affected |
Postgresql | Postgresql | 8.3.7 | - | Affected |
Postgresql | Postgresql | 8.3.8 | - | Affected |
Postgresql | Postgresql | 8.3.9 | - | Affected |
Postgresql | Postgresql | 8.3.10 | - | Affected |
Postgresql | Postgresql | 8.3.11 | - | Affected |
Postgresql | Postgresql | 8.3.12 | - | Affected |
Postgresql | Postgresql | 8.3.13 | - | Affected |
Postgresql | Postgresql | 8.3.14 | - | Affected |
Postgresql | Postgresql | 8.3.15 | - | Affected |
Postgresql | Postgresql | 8.3.16 | - | Affected |
Postgresql | Postgresql | 8.3.17 | - | Affected |
Postgresql | Postgresql | 8.4 | - | Affected |
Postgresql | Postgresql | 8.4.1 | - | Affected |
Postgresql | Postgresql | 8.4.2 | - | Affected |
Postgresql | Postgresql | 8.4.3 | - | Affected |
Postgresql | Postgresql | 8.4.4 | - | Affected |
Postgresql | Postgresql | 8.4.5 | - | Affected |
Postgresql | Postgresql | 8.4.6 | - | Affected |
Postgresql | Postgresql | 8.4.7 | - | Affected |
Postgresql | Postgresql | 8.4.8 | - | Affected |
Postgresql | Postgresql | 8.4.9 | - | Affected |
Postgresql | Postgresql | 8.4.10 | - | Affected |
Postgresql | Postgresql | 9.0 | - | Affected |
Postgresql | Postgresql | 9.0.1 | - | Affected |
Postgresql | Postgresql | 9.0.2 | - | Affected |
Postgresql | Postgresql | 9.0.3 | - | Affected |
Postgresql | Postgresql | 9.0.4 | - | Affected |
Postgresql | Postgresql | 9.0.5 | - | Affected |
Postgresql | Postgresql | 9.0.6 | - | Affected |
Postgresql | Postgresql | 9.1 | - | Affected |
Postgresql | Postgresql | 9.1.1 | - | Affected |
Postgresql | Postgresql | 9.1.2 | - | Affected |