PostgreSQL CVE-2014-0062 Security Bypass Vulnerability

Description: Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Impact: Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions, which may lead to further attacks. Versions prior to PostgreSQL 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20 are vulnerable.

Mitigation: Updates are available. Please see the references or vendor advisory for more information.

Reference URL’s:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062
• http://www.securityfocus.com/bid/65727/info
• http://wiki.postgresql.org/wiki/20140220securityrelease
• https://www.postgresql.org/about/news/1506/
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Recommended Posts

Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

02 Oct 2022 - Security Advisories & Alerts

North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks

01 Oct 2022 - Security Advisories & Alerts

Microsoft confirms two Exchange Server zero days are being used in cyberattacks

01 Oct 2022 - News, Security Advisories & Alerts