| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in PostgreSQL 8.4/9.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component Role Handler. This manipulation causes access control (Revoke Access). This vulnerability is tracked as CVE-2014-0060. No exploit exists. Upgrading the affected component is advised.
Details
A vulnerability has been found in PostgreSQL 8.4/9.0 (Database Software) and classified as problematic. Affected by this vulnerability is an unknown function of the component Role Handler. The manipulation with an unknown input leads to a access control vulnerability (Revoke Access). The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect availability. The summary by CVE is:
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
The weakness was disclosed 02/20/2014 by Noah Misch as 20140220securityrelease as confirmed advisory (Website). The advisory is shared at wiki.postgresql.org. The public release has been coordinated in cooperation with the project team. This vulnerability is known as CVE-2014-0060 since 12/03/2013. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 72697 (Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2014-0211)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 350440 (Amazon Linux Security Advisory for postgresql8: ALAS-2014-305).
Upgrading to version 9.3.3, 9.2.7, 9.1.12, 9.0.16 or 8.4.20 eliminates this vulnerability. The upgrade is hosted for download at postgresql.org. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16290.
The vulnerability is also documented in the databases at X-Force (91277), Tenable (72697), SecurityFocus (BID 65723†), Secunia (SA57054†) and Vulnerability Center (SBV-46137†). The entries VDB-12398, VDB-12400, VDB-12401 and VDB-12402 are pretty similar. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Name
Version
License
Website
- Product: https://www.postgresql.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.6
VulDB Base Score: 5.3
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: Revoke AccessClass: Access control / Revoke Access
CWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 72697
Nessus Name: Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2014-0211)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 702864
OpenVAS Name: Debian Security Advisory DSA 2864-1 (postgresql-8.4 - several vulnerabilities
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: PostgreSQL 9.3.3/9.2.7/9.1.12/9.0.16/8.4.20
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Fortigate IPS: 🔍
Timeline
12/03/2013 🔍02/17/2014 🔍
02/17/2014 🔍
02/20/2014 🔍
02/21/2014 🔍
02/24/2014 🔍
02/26/2014 🔍
03/31/2014 🔍
09/18/2014 🔍
06/09/2021 🔍
Sources
Product: postgresql.orgAdvisory: 20140220securityrelease
Researcher: Noah Misch
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2014-0060 (🔍)
GCVE (CVE): GCVE-0-2014-0060
GCVE (VulDB): GCVE-100-12397
OVAL: 🔍
IAVM: 🔍
X-Force: 91277 - PostgreSQL roles denial of service, Medium Risk
SecurityFocus: 65723 - PostgreSQL CVE-2014-0060 Security Bypass Vulnerability
Secunia: 57054 - PostgreSQL Multiple Vulnerabilities, Less Critical
Vulnerability Center: 46137 - PostgreSQL Remote Security Bypass Vulnerability via Calling the SET ROLE Command - CVE-2014-0060, Medium
See also: 🔍
Entry
Created: 02/24/2014 14:07Updated: 06/09/2021 19:26
Changes: 02/24/2014 14:07 (87), 06/06/2017 08:30 (8), 06/09/2021 19:26 (3)
Complete: 🔍
Committer:
Cache ID: 216:9BA:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.