CVE Vulnerabilities

CVE-2014-0067

Published: Mar 31, 2014 | Modified: Dec 16, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
4.6 LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
LOW

The make check command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

Affected Software

Name Vendor Start Version End Version
Mac_os_x Apple 10.10.4 (including) 10.10.4 (including)
Mac_os_x_server Apple 5.0.3 (including) 5.0.3 (including)
Postgresql-8.4 Ubuntu lucid *
Postgresql-8.4 Ubuntu precise *
Postgresql-8.4 Ubuntu upstream *
Postgresql-9.1 Ubuntu precise *
Postgresql-9.1 Ubuntu quantal *
Postgresql-9.1 Ubuntu saucy *
Postgresql-9.1 Ubuntu trusty *
Postgresql-9.1 Ubuntu upstream *
Postgresql-9.3 Ubuntu trusty *
Postgresql-9.3 Ubuntu upstream *

References