>> PostgreSQL Privilege Escalation and Denial of Service Vulnerabilities
Title : PostgreSQL Privilege Escalation and Denial of Service Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-0605
CVE ID : CVE-2006-0553 - CVE-2006-0678
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-15
Technical Description
Two vulnerabilities were identified in PostgreSQL, which could be exploited by malicious users to cause a denial of service or obtain elevated privileges.
The first flaw is due to an error in the "SET ROLE" command when restoring the previous role setting after an error, which could be exploited by malicious authenticated users to gain superuser privileges.
The second issue is due to an error in the "SET SESSION AUTHORIZATION" command when the application has been compiled with Asserts enabled, which could be exploited by malicious users to cause a denial of service.
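A log-triage sketch for servers that ran unpatched, added here as an example and not part of the advisory: it scans PostgreSQL statement logs for non-superuser sessions in which an error follows a "SET ROLE", and for any "SET SESSION AUTHORIZATION" issued by a non-superuser. It assumes `log_statement = 'all'`, a `log_line_prefix` of `'%t [%p] %u@%d '`, and a known superuser list; the sample lines are constructed, and a hit is a lead for review, not proof of exploitation.

```python
import re

# Assumed prefix '%t [%p] %u@%d ' followed by the severity and message.
LINE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
# SET [SESSION | LOCAL] ROLE ... and SET [SESSION | LOCAL] SESSION AUTHORIZATION ...
SET_ROLE = re.compile(r"^statement:\s*SET\s+(?:(?:SESSION|LOCAL)\s+)?ROLE\b", re.I)
SET_AUTH = re.compile(
    r"^statement:\s*SET\s+(?:(?:SESSION|LOCAL)\s+)?SESSION\s+AUTHORIZATION\b", re.I
)

def audit(lines, superusers=frozenset({"postgres"})):
    """Return (kind, user, pid, timestamp) tuples worth a manual review."""
    pending = {}   # backend pid -> timestamp of a SET ROLE not yet followed by an error
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m["user"] in superusers:
            continue   # unparsed line, or a role that is already superuser
        pid, level, msg = m["pid"], m["level"], m["msg"]
        if level == "LOG" and SET_AUTH.match(msg):
            findings.append(("set-session-authorization", m["user"], pid, m["ts"]))
        elif level == "LOG" and SET_ROLE.match(msg):
            pending[pid] = m["ts"]
        elif level in ("ERROR", "FATAL", "PANIC") and pid in pending:
            # One finding per SET ROLE; pid reuse across sessions is not handled.
            findings.append(("error-after-set-role", m["user"], pid, pending.pop(pid)))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '2006-02-16 10:00:01 UTC [4121] alice@app LOG:  statement: SET ROLE reporting;',
    '2006-02-16 10:00:02 UTC [4121] alice@app ERROR:  relation "missing" does not exist',
    '2006-02-16 10:00:05 UTC [4130] bob@app LOG:  statement: SELECT 1;',
    '2006-02-16 10:00:06 UTC [4130] bob@app ERROR:  division by zero',
    '2006-02-16 10:00:09 UTC [4142] carol@app LOG:  statement: set session authorization carol;',
    '2006-02-16 10:00:11 UTC [4150] postgres@app LOG:  statement: SET ROLE reporting;',
    '2006-02-16 10:00:12 UTC [4150] postgres@app ERROR:  syntax error at or near "x"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```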