PostgreSQL Local Privilege Escalation Vulnerability in Test Suites
CVE-2014-0067

Currently unrated

Key Information:

Vendor: Apple
Status: Mac Os X; Mac Os X Server
Vendor: CVE Published:; 31 March 2014

Summary

A vulnerability exists in PostgreSQL versions 9.3.3 and earlier due to improper invocation of the initdb command during test suite setups. This flaw allows local users to exploit the authentication requirements for the database cluster used in testing, potentially escalating their privileges within the system. This misconfiguration can lead to unauthorized access and manipulation of database functions, posing a risk to data integrity and system security. Users should ensure their PostgreSQL installations are updated and configured securely to mitigate these risks.

References

http://wiki.postgresql.org/wiki/20140220securityrelease

x_refsource_CONFIRM

http://www.debian.org/security/2014/dsa-2864

vendor-advisoryx_refsource_DEBIAN

http://www.postgresql.org/about/news/1506/

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 31, 2014
Vulnerability Reserved
Dec 3, 2013