PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Postgresql | Postgresql | 8.4.1 | 8.4.1 |
| Postgresql | Postgresql | 8.4.2 | 8.4.2 |
| Postgresql | Postgresql | 8.4.3 | 8.4.3 |
| Postgresql | Postgresql | 8.4.4 | 8.4.4 |
| Postgresql | Postgresql | 8.4.5 | 8.4.5 |
| Postgresql | Postgresql | 8.4.6 | 8.4.6 |
| Postgresql | Postgresql | 8.4.7 | 8.4.7 |
| Postgresql | Postgresql | 8.4.8 | 8.4.8 |
| Postgresql | Postgresql | 8.4.9 | 8.4.9 |
| Postgresql | Postgresql | 8.4.10 | 8.4.10 |
| Postgresql | Postgresql | 8.4.11 | 8.4.11 |
| Postgresql | Postgresql | 8.4.12 | 8.4.12 |
| Postgresql | Postgresql | 8.4.13 | 8.4.13 |
| Postgresql | Postgresql | 8.4.14 | 8.4.14 |
| Postgresql | Postgresql | 8.4.15 | 8.4.15 |
| Postgresql | Postgresql | 8.4.16 | 8.4.16 |
| Postgresql | Postgresql | 8.4.17 | 8.4.17 |
| Postgresql | Postgresql | 8.4.18 | 8.4.18 |
| Postgresql | Postgresql | * | 8.4.19 |
| Postgresql | Postgresql | 9.0 | 9.0 |
| Postgresql | Postgresql | 9.0.1 | 9.0.1 |
| Postgresql | Postgresql | 9.0.2 | 9.0.2 |
| Postgresql | Postgresql | 9.0.3 | 9.0.3 |
| Postgresql | Postgresql | 9.0.4 | 9.0.4 |
| Postgresql | Postgresql | 9.0.5 | 9.0.5 |
| Postgresql | Postgresql | 9.0.6 | 9.0.6 |
| Postgresql | Postgresql | 9.0.7 | 9.0.7 |
| Postgresql | Postgresql | 9.0.8 | 9.0.8 |
| Postgresql | Postgresql | 9.0.9 | 9.0.9 |
| Postgresql | Postgresql | 9.0.10 | 9.0.10 |
| Postgresql | Postgresql | 9.0.11 | 9.0.11 |
| Postgresql | Postgresql | 9.0.12 | 9.0.12 |
| Postgresql | Postgresql | 9.0.13 | 9.0.13 |
| Postgresql | Postgresql | 9.0.14 | 9.0.14 |
| Postgresql | Postgresql | 9.0.15 | 9.0.15 |
| Postgresql | Postgresql | 9.1 | 9.1 |
| Postgresql | Postgresql | 9.1.1 | 9.1.1 |
| Postgresql | Postgresql | 9.1.2 | 9.1.2 |
| Postgresql | Postgresql | 9.1.3 | 9.1.3 |
| Postgresql | Postgresql | 9.1.4 | 9.1.4 |
| Postgresql | Postgresql | 9.1.5 | 9.1.5 |
| Postgresql | Postgresql | 9.1.6 | 9.1.6 |
| Postgresql | Postgresql | 9.1.7 | 9.1.7 |
| Postgresql | Postgresql | 9.1.8 | 9.1.8 |
| Postgresql | Postgresql | 9.1.9 | 9.1.9 |
| Postgresql | Postgresql | 9.1.10 | 9.1.10 |
| Postgresql | Postgresql | 9.1.11 | 9.1.11 |
| Postgresql | Postgresql | 9.2 | 9.2 |
| Postgresql | Postgresql | 9.2.1 | 9.2.1 |
| Postgresql | Postgresql | 9.2.2 | 9.2.2 |
| Postgresql | Postgresql | 9.2.3 | 9.2.3 |
| Postgresql | Postgresql | 9.2.4 | 9.2.4 |
| Postgresql | Postgresql | 9.2.5 | 9.2.5 |
| Postgresql | Postgresql | 9.2.6 | 9.2.6 |
| Postgresql | Postgresql | 9.3 | 9.3 |
| Postgresql | Postgresql | 9.3.1 | 9.3.1 |
| Postgresql | Postgresql | 9.3.2 | 9.3.2 |
| CloudForms Management Engine 5.x | RedHat | cfme-0:5.2.3.2-1.el6cf | * |
| CloudForms Management Engine 5.x | RedHat | postgresql92-postgresql-0:9.2.7-1.1.el6 | * |
| CloudForms Management Engine 5.x | RedHat | prince-0:9.0r2-4.el6cf | * |
| CloudForms Management Engine 5.x | RedHat | ruby193-rubygem-actionpack-1:3.2.13-6.el6cf | * |
| Red Hat Enterprise Linux 5 | RedHat | postgresql84-0:8.4.20-1.el5_10 | * |
| Red Hat Enterprise Linux 5 | RedHat | postgresql-0:8.1.23-10.el5_10 | * |
| Red Hat Enterprise Linux 6 | RedHat | postgresql-0:8.4.20-1.el6_5 | * |
| Red Hat Software Collections for RHEL-6 | RedHat | postgresql92-postgresql-0:9.2.7-1.1.el6 | * |
| Postgresql-8.4 | Ubuntu | lucid | * |
| Postgresql-8.4 | Ubuntu | precise | * |
| Postgresql-8.4 | Ubuntu | upstream | * |
| Postgresql-9.1 | Ubuntu | precise | * |
| Postgresql-9.1 | Ubuntu | quantal | * |
| Postgresql-9.1 | Ubuntu | saucy | * |
| Postgresql-9.1 | Ubuntu | trusty | * |
| Postgresql-9.1 | Ubuntu | upstream | * |
| Postgresql-9.3 | Ubuntu | trusty | * |
| Postgresql-9.3 | Ubuntu | trusty/esm | * |
| Postgresql-9.3 | Ubuntu | upstream | * |