Privilege Escalation via Improper Authentication Requirements in PostgreSQL Test Suites

Privilege Escalation via Improper Authentication Requirements in PostgreSQL Test Suites

CVE-2014-0067 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.