Bug 593870 (CVE-2010-1975)

Summary: CVE-2010-1975 postgresql: improper privilege check during certain RESET ALL operations
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jlieskov, tgl
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-10-05 08:12:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 639928    
Bug Blocks:    

Description Vincent Danen 2010-05-19 22:01:26 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1975 to
the following vulnerability:

Name: CVE-2010-1975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1975
Assigned: 20100519
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-7-4-29.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-0-25.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-1-21.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-2-17.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-3-11.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-4-4.html

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21,
8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not
properly check privileges during certain RESET ALL operations, which
allows remote authenticated users to remove arbitrary parameter
settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Comment 1 Vincent Danen 2010-05-19 22:04:08 UTC 
Statement:

This issue has been addressed in Red Hat Enterprise Linux 4 via
https://rhn.redhat.com/errata/RHSA-2010-0428.html

This issue has been addressed in Red Hat Enterprise Linux 5 via
https://rhn.redhat.com/errata/RHSA-2010-0429.html and
https://rhn.redhat.com/errata/RHSA-2010-0430.html

There is not plan to address this issue in the PostgreSQL packages as shipped with Red Hat Enterprise Linux 3.
Comment 4 Jan Lieskovsky 2010-05-20 08:22:00 UTC 
Upstream commit:

  [1] http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=a9dec915c5588f4ce8e7ef94fabe508c88e4a350