CVE-2010-1975
First published: Wed May 19 2010(Updated: )
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL Common | =7.4 | |
| PostgreSQL Common | =7.4.1 | |
| PostgreSQL Common | =7.4.2 | |
| PostgreSQL Common | =7.4.3 | |
| PostgreSQL Common | =7.4.4 | |
| PostgreSQL Common | =7.4.5 | |
| PostgreSQL Common | =7.4.6 | |
| PostgreSQL Common | =7.4.7 | |
| PostgreSQL Common | =7.4.8 | |
| PostgreSQL Common | =7.4.9 | |
| PostgreSQL Common | =7.4.10 | |
| PostgreSQL Common | =7.4.11 | |
| PostgreSQL Common | =7.4.12 | |
| PostgreSQL Common | =7.4.13 | |
| PostgreSQL Common | =7.4.14 | |
| PostgreSQL Common | =7.4.15 | |
| PostgreSQL Common | =7.4.16 | |
| PostgreSQL Common | =7.4.17 | |
| PostgreSQL Common | =7.4.18 | |
| PostgreSQL Common | =7.4.19 | |
| PostgreSQL Common | =7.4.20 | |
| PostgreSQL Common | =7.4.21 | |
| PostgreSQL Common | =7.4.22 | |
| PostgreSQL Common | =7.4.23 | |
| PostgreSQL Common | =7.4.24 | |
| PostgreSQL Common | =7.4.25 | |
| PostgreSQL Common | =7.4.26 | |
| PostgreSQL Common | =7.4.27 | |
| PostgreSQL Common | =7.4.28 | |
| PostgreSQL Common | =8.0 | |
| PostgreSQL Common | =8.0.0 | |
| PostgreSQL Common | =8.0.1 | |
| PostgreSQL Common | =8.0.2 | |
| PostgreSQL Common | =8.0.3 | |
| PostgreSQL Common | =8.0.4 | |
| PostgreSQL Common | =8.0.5 | |
| PostgreSQL Common | =8.0.6 | |
| PostgreSQL Common | =8.0.7 | |
| PostgreSQL Common | =8.0.8 | |
| PostgreSQL Common | =8.0.9 | |
| PostgreSQL Common | =8.0.10 | |
| PostgreSQL Common | =8.0.11 | |
| PostgreSQL Common | =8.0.12 | |
| PostgreSQL Common | =8.0.13 | |
| PostgreSQL Common | =8.0.14 | |
| PostgreSQL Common | =8.0.15 | |
| PostgreSQL Common | =8.0.16 | |
| PostgreSQL Common | =8.0.17 | |
| PostgreSQL Common | =8.0.18 | |
| PostgreSQL Common | =8.0.19 | |
| PostgreSQL Common | =8.0.20 | |
| PostgreSQL Common | =8.0.21 | |
| PostgreSQL Common | =8.0.22 | |
| PostgreSQL Common | =8.0.23 | |
| PostgreSQL Common | =8.0.24 | |
| PostgreSQL Common | =8.1 | |
| PostgreSQL Common | =8.1.0 | |
| PostgreSQL Common | =8.1.1 | |
| PostgreSQL Common | =8.1.2 | |
| PostgreSQL Common | =8.1.3 | |
| PostgreSQL Common | =8.1.4 | |
| PostgreSQL Common | =8.1.5 | |
| PostgreSQL Common | =8.1.6 | |
| PostgreSQL Common | =8.1.7 | |
| PostgreSQL Common | =8.1.8 | |
| PostgreSQL Common | =8.1.9 | |
| PostgreSQL Common | =8.1.10 | |
| PostgreSQL Common | =8.1.11 | |
| PostgreSQL Common | =8.1.12 | |
| PostgreSQL Common | =8.1.13 | |
| PostgreSQL Common | =8.1.14 | |
| PostgreSQL Common | =8.1.15 | |
| PostgreSQL Common | =8.1.16 | |
| PostgreSQL Common | =8.1.17 | |
| PostgreSQL Common | =8.1.18 | |
| PostgreSQL Common | =8.1.19 | |
| PostgreSQL Common | =8.1.20 | |
| PostgreSQL Common | =8.2 | |
| PostgreSQL Common | =8.2.1 | |
| PostgreSQL Common | =8.2.2 | |
| PostgreSQL Common | =8.2.3 | |
| PostgreSQL Common | =8.2.4 | |
| PostgreSQL Common | =8.2.5 | |
| PostgreSQL Common | =8.2.6 | |
| PostgreSQL Common | =8.2.7 | |
| PostgreSQL Common | =8.2.8 | |
| PostgreSQL Common | =8.2.9 | |
| PostgreSQL Common | =8.2.10 | |
| PostgreSQL Common | =8.2.11 | |
| PostgreSQL Common | =8.2.12 | |
| PostgreSQL Common | =8.2.13 | |
| PostgreSQL Common | =8.2.14 | |
| PostgreSQL Common | =8.2.15 | |
| PostgreSQL Common | =8.2.16 | |
| PostgreSQL Common | =8.3 | |
| PostgreSQL Common | =8.3.1 | |
| PostgreSQL Common | =8.3.2 | |
| PostgreSQL Common | =8.3.3 | |
| PostgreSQL Common | =8.3.4 | |
| PostgreSQL Common | =8.3.5 | |
| PostgreSQL Common | =8.3.6 | |
| PostgreSQL Common | =8.3.7 | |
| PostgreSQL Common | =8.3.8 | |
| PostgreSQL Common | =8.3.9 | |
| PostgreSQL Common | =8.3.10 | |
| PostgreSQL Common | =8.4 | |
| PostgreSQL Common | =8.4.1 | |
| PostgreSQL Common | =8.4.2 | |
| PostgreSQL Common | =8.4.3 | |
| PostgreSQL Common | =9.0.0-beta1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://marc.info/?l=bugtraq&m=134124585221119&w=2
- http://secunia.com/advisories/39939
- http://www.debian.org/security/2010/dsa-2051
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
- http://www.postgresql.org/docs/current/static/release-7-4-29.html
- http://www.postgresql.org/docs/current/static/release-8-0-25.html
- http://www.postgresql.org/docs/current/static/release-8-1-21.html
- http://www.postgresql.org/docs/current/static/release-8-2-17.html
- http://www.postgresql.org/docs/current/static/release-8-3-11.html
- http://www.postgresql.org/docs/current/static/release-8-4-4.html
- http://www.securityfocus.com/bid/40304
- http://www.vupen.com/english/advisories/2010/1207
- http://www.vupen.com/english/advisories/2010/1221
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004
Frequently Asked Questions
What is the severity of CVE-2010-1975?
CVE-2010-1975 has been classified as a medium severity vulnerability due to improper privilege checks in PostgreSQL.
How do I fix CVE-2010-1975?
To fix CVE-2010-1975, upgrade PostgreSQL to version 7.4.29, 8.0.25, 8.1.21, 8.2.17, 8.3.11, or 8.4.4 or later.
Which versions of PostgreSQL are affected by CVE-2010-1975?
Affected versions include PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, and several others listed.
What kind of attacks can exploit CVE-2010-1975?
CVE-2010-1975 can be exploited by remote authenticated users to remove arbitrary parameter settings, potentially affecting application behavior.
Are there any workarounds for CVE-2010-1975?
While there are no specific workarounds, disabling affected user privileges may mitigate some risk until an upgrade is performed.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/postgresql
- canonical/postgresql common
- version/postgresql common/7.4
- version/postgresql common/7.4.1
- version/postgresql common/7.4.2
- version/postgresql common/7.4.3
- version/postgresql common/7.4.4
- version/postgresql common/7.4.5
- version/postgresql common/7.4.6
- version/postgresql common/7.4.7
- version/postgresql common/7.4.8
- version/postgresql common/7.4.9
- version/postgresql common/7.4.10
- version/postgresql common/7.4.11
- version/postgresql common/7.4.12
- version/postgresql common/7.4.13
- version/postgresql common/7.4.14
- version/postgresql common/7.4.15
- version/postgresql common/7.4.16
- version/postgresql common/7.4.17
- version/postgresql common/7.4.18
- version/postgresql common/7.4.19
- version/postgresql common/7.4.20
- version/postgresql common/7.4.21
- version/postgresql common/7.4.22
- version/postgresql common/7.4.23
- version/postgresql common/7.4.24
- version/postgresql common/7.4.25
- version/postgresql common/7.4.26
- version/postgresql common/7.4.27
- version/postgresql common/7.4.28
- version/postgresql common/8.0
- version/postgresql common/8.0.0
- version/postgresql common/8.0.1
- version/postgresql common/8.0.2
- version/postgresql common/8.0.3
- version/postgresql common/8.0.4
- version/postgresql common/8.0.5
- version/postgresql common/8.0.6
- version/postgresql common/8.0.7
- version/postgresql common/8.0.8
- version/postgresql common/8.0.9
- version/postgresql common/8.0.10
- version/postgresql common/8.0.11
- version/postgresql common/8.0.12
- version/postgresql common/8.0.13
- version/postgresql common/8.0.14
- version/postgresql common/8.0.15
- version/postgresql common/8.0.16
- version/postgresql common/8.0.17
- version/postgresql common/8.0.18
- version/postgresql common/8.0.19
- version/postgresql common/8.0.20
- version/postgresql common/8.0.21
- version/postgresql common/8.0.22
- version/postgresql common/8.0.23
- version/postgresql common/8.0.24
- version/postgresql common/8.1
- version/postgresql common/8.1.0
- version/postgresql common/8.1.1
- version/postgresql common/8.1.2
- version/postgresql common/8.1.3
- version/postgresql common/8.1.4
- version/postgresql common/8.1.5
- version/postgresql common/8.1.6
- version/postgresql common/8.1.7
- version/postgresql common/8.1.8
- version/postgresql common/8.1.9
- version/postgresql common/8.1.10
- version/postgresql common/8.1.11
- version/postgresql common/8.1.12
- version/postgresql common/8.1.13
- version/postgresql common/8.1.14
- version/postgresql common/8.1.15
- version/postgresql common/8.1.16
- version/postgresql common/8.1.17
- version/postgresql common/8.1.18
- version/postgresql common/8.1.19
- version/postgresql common/8.1.20
- version/postgresql common/8.2
- version/postgresql common/8.2.1
- version/postgresql common/8.2.2
- version/postgresql common/8.2.3
- version/postgresql common/8.2.4
- version/postgresql common/8.2.5
- version/postgresql common/8.2.6
- version/postgresql common/8.2.7
- version/postgresql common/8.2.8
- version/postgresql common/8.2.9
- version/postgresql common/8.2.10
- version/postgresql common/8.2.11
- version/postgresql common/8.2.12
- version/postgresql common/8.2.13
- version/postgresql common/8.2.14
- version/postgresql common/8.2.15
- version/postgresql common/8.2.16
- version/postgresql common/8.3
- version/postgresql common/8.3.1
- version/postgresql common/8.3.2
- version/postgresql common/8.3.3
- version/postgresql common/8.3.4
- version/postgresql common/8.3.5
- version/postgresql common/8.3.6
- version/postgresql common/8.3.7
- version/postgresql common/8.3.8
- version/postgresql common/8.3.9
- version/postgresql common/8.3.10
- version/postgresql common/8.4
- version/postgresql common/8.4.1
- version/postgresql common/8.4.2
- version/postgresql common/8.4.3
- version/postgresql common/9.0.0-beta1