#VU111760 Improper privilege management in PostgreSQL - CVE-2007-6600
Published: June 23, 2025
PostgreSQL
PostgreSQL Global Development Group
Description
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists because the software uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions. A remote user can escalate privileges within the database.
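To review exposure to the behaviour described above, a DBA can list indexes whose expressions or predicates call functions owned by non-superuser roles, since those functions run during VACUUM and ANALYZE. The query below is an added audit example, not part of the advisory or the PostgreSQL project's own tooling; it assumes a current catalog layout (pg_roles, pg_depend, pg_index.indexprs) and read access to the system catalogs.

```sql
-- Added audit example (assumption: run by a role that can read the catalogs).
-- Lists every index that depends on a function owned by a non-superuser role.
-- Such functions are the code that index maintenance executes on behalf of
-- whoever runs VACUUM or ANALYZE on the table.
SELECT DISTINCT
       n.nspname              AS table_schema,
       t.relname              AS table_name,
       i.relname              AS index_name,
       tr.rolname             AS table_owner,
       p.oid::regprocedure    AS index_function,
       fr.rolname             AS function_owner,
       l.lanname              AS function_language,
       p.prosecdef            AS security_definer,
       pg_get_indexdef(i.oid) AS index_definition
FROM pg_index x
JOIN pg_class     i  ON i.oid  = x.indexrelid
JOIN pg_class     t  ON t.oid  = x.indrelid
JOIN pg_namespace n  ON n.oid  = t.relnamespace
JOIN pg_roles     tr ON tr.oid = t.relowner
-- Index-to-function dependencies recorded when the index was created
JOIN pg_depend    d  ON d.classid    = 'pg_class'::regclass
                    AND d.objid      = i.oid
                    AND d.refclassid = 'pg_proc'::regclass
JOIN pg_proc      p  ON p.oid  = d.refobjid
JOIN pg_language  l  ON l.oid  = p.prolang
JOIN pg_roles     fr ON fr.oid = p.proowner
WHERE (x.indexprs IS NOT NULL OR x.indpred IS NOT NULL)  -- expression or partial index
  AND NOT fr.rolsuper                                    -- function written by an unprivileged role
ORDER BY 1, 2, 3;
```

Each returned row is a function body worth reading before a superuser runs maintenance on that table, in particular for SET ROLE or SET SESSION AUTHORIZATION statements.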