CVE-2014-0067

CWE-2648 documents7 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 73.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postgresql Postgresql Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedMar 31

Latest updateMay 17

Description

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages5 packages

▶Ubuntupostgresql-9.1< 9.1.15-0ubuntu0.14.04

▶Ubuntupostgresql-9.3< 9.3.5-0ubuntu0.14.04.1

▶NVDpostgresql/postgresql8.4.19+56

▶NVDapple/mac_os_x10.10.4

▶NVDapple/mac_os_x_server5.0.3

🔴Vulnerability Details

GHSA

GHSA-gmhx-6jh3-87c2: The "make check" command for the test suites in PostgreSQL 9↗2022-05-17

▶

OSV

CVE-2014-0067: The "make check" command for the test suites in PostgreSQL 9↗2014-03-31

▶

CVEList

CVE-2014-0067: The "make check" command for the test suites in PostgreSQL 9↗2014-03-28

▶

📋Vendor Advisories

Red Hat

postgresql: Vulnerability during "make check"↗2014-02-17

▶

Apple

CVE-2014-0067: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

Apple

CVE-2014-0067: OS X Server v5.0.3↗

▶

💬Community

Bugzilla

CVE-2014-0067 postgresql: Vulnerability during "make check"↗2014-02-17

▶