FKIE_CVE-2014-0062
Vulnerability from fkie_nvd - Published: 2014-03-31 14:58 - Updated: 2025-04-12 10:46
Severity ?
Summary
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "140CD969-F690-4776-8761-1868D9032766",
"versionEndIncluding": "8.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C991F71-1E27-47A6-97DC-424FC3EF6011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5740C7AA-1772-41D8-9851-3E3669CD8521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "970338CD-A680-4DD0-BD27-459B0DDA4002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9E57FA-5EAE-4698-992D-146C6310E0B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87DF2937-9C51-4768-BAB1-901BCA636ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0EB754-7A71-40FA-9EAD-44914EB758C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1089D316-D5A3-4F2D-9E52-57FD626A1D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F17D9158-E85A-4436-9180-E8546CF8F290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "64CBBE6E-8FDA-46AD-96A9-8C6CFFE97ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A0D13E-6B06-42E9-BEB9-C8FCC3A4E2ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "AB79FB06-4712-4DE8-8C0B-5CEE8530828D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7054A3D4-8C52-4636-B135-1078B8DF1D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6763B2A-00C4-4AAB-8769-9AAEE4BAA603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5618200C-91E9-4501-8585-039A4629E072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD7B25B-F29A-4B73-B63B-F00DD9E9BC84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB718D2-97AA-4D61-AA4B-2216EEF55F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "605C06BF-54A0-40F8-A01E-8641B4A83035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1F5B75-78D5-408E-8148-CA23DCED9CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F609DDE4-0858-4F83-B8E6-7870196E21CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "349F02AF-013E-4264-9717-010293A3D6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "047926F2-846A-4870-9640-9A4F2804D71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0165D8-0BFA-4D46-95A3-45A03DC086FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6CF6A0-43DC-4C64-A3C4-01EB36F6672B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8251C0-9CAE-4608-BC11-75646A601408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AC024E5D-122D-4E3D-AD24-759AB5940F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "723336B5-405A-4236-A507-2C26E591CF49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9E11A8-2B28-4A6B-BC04-4C556CFA2B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "32EF44F0-183E-4375-849A-2E6CD65D395F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "380657D1-F847-4D71-B0C7-D055117E49E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796DBEC-FF4F-4749-90D5-AD83D8B5E086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79108278-D644-4506-BD9C-F464C6E817B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10CF0AA0-41CD-4D50-BA7A-BF8846115C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "965E1A9D-BB23-4C0B-A9CA-54A1855055B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F37C66-0AFE-4D59-8867-BDBCE656774E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE53AE6-232C-4068-98D1-7749007C3CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD38139-FD17-41E7-8D10-7731D8203CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC0B41F-38FF-4D41-9E31-D666A84BB2FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A591CB08-5CEB-45EB-876F-417DCD60AF53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B79735-4CF5-4038-9FC4-12A58790B15A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0A74DAF9-516D-44BC-B09A-73395EF72873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B58318BE-FB71-4183-A1F4-5FD207885A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD27648F-E2FF-4779-97F9-2632DCC6B16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEFB4916-8B59-4534-804C-CF9DA1B18508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3413A3AB-45A3-48E1-9B30-1194C4E7D49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5760CE83-4802-42A0-9338-E1E634882450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B41009E-4028-4D82-B8D0-8B949EDC0A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "832F3EBE-A92C-4FB3-BF3C-0E7B750F966B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1571EE80-55A6-4F91-909B-C46BA19EC76F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B890251-95EB-44F3-A6A7-F718F3C807B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E5BD02-8C3D-4687-88DE-1C00366270E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:9.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "709F5DF9-9F3A-42C3-890B-521B13118C0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window."
},
{
"lang": "es",
"value": "La condici\u00f3n de carrera en los comandos (1) CREATE INDEX y (2) ALTER TABLE no especificado en PostgreSQL anterior a 8.4.20, 9.0.x anterior a 9.0.16, 9.1.x anterior a 9.1.12, 9.2.x anterior a 9.2.7 y 9.3.x anterior a 9.3.3 permite a usuarios remotos autenticados crear un indice no autorizado o leer porciones de tablas no autorizadas mediante la creaci\u00f3n o eliminaci\u00f3n de una tabla con el mismo nombre durante la ventana de tiempo."
}
],
"id": "CVE-2014-0062",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-31T14:58:15.397",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"source": "secalert@redhat.com",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0211.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0221.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0249.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/61307"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT6448"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://wiki.postgresql.org/wiki/20140220securityrelease"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2864"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-2865"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postgresql.org/about/news/1506/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/65727"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2120-1"
},
{
"source": "secalert@redhat.com",
"url": "https://support.apple.com/kb/HT6536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0211.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0221.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT6448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://wiki.postgresql.org/wiki/20140220securityrelease"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.postgresql.org/about/news/1506/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2120-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT6536"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…