Candidate: CVE-2009-3230
PublicDate: 2009-09-17 10:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230
 https://ubuntu.com/security/notices/USN-834-1
Description:
 The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8,
 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before
 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and
 (2) RESET SESSION AUTHORIZATION operations, which allows remote
 authenticated users to gain privileges.  NOTE: this is due to an incomplete
 fix for CVE-2007-6600.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: pitti
CVSS: 

Patches_postgresql-8.1:
upstream_postgresql-8.1: released (8.1.18)
dapper_postgresql-8.1: released (8.1.18-0ubuntu0.6.06)
hardy_postgresql-8.1: DNE
intrepid_postgresql-8.1: DNE
jaunty_postgresql-8.1: DNE
devel_postgresql-8.1: DNE

Patches_postgresql-8.3:
upstream_postgresql-8.3: released (8.3.8)
dapper_postgresql-8.3: DNE
hardy_postgresql-8.3: released (8.3.8-0ubuntu8.04)
intrepid_postgresql-8.3: released (8.3.8-0ubuntu8.10)
jaunty_postgresql-8.3: released (8.3.8-0ubuntu9.04)
devel_postgresql-8.3: not-affected (8.3.8-1)