{
  "threat_severity" : "Moderate",
  "public_date" : "2014-02-17T00:00:00Z",
  "bugzilla" : {
    "description" : "postgresql: privilege escalation via procedural language validator functions",
    "id" : "1065220",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1065220"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions." ],
  "acknowledgement" : "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Andres Freund as the original reporter.",
  "affected_release" : [ {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "cfme-0:5.2.3.2-1.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "postgresql92-postgresql-0:9.2.7-1.1.el6"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "prince-0:9.0r2-4.el6cf"
  }, {
    "product_name" : "CloudForms Management Engine 5.x",
    "release_date" : "2014-05-12T00:00:00Z",
    "advisory" : "RHSA-2014:0469",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5::el6",
    "package" : "ruby193-rubygem-actionpack-1:3.2.13-6.el6cf"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-02-25T00:00:00Z",
    "advisory" : "RHSA-2014:0211",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "postgresql84-0:8.4.20-1.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-03-04T00:00:00Z",
    "advisory" : "RHSA-2014:0249",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "postgresql-0:8.1.23-10.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-02-25T00:00:00Z",
    "advisory" : "RHSA-2014:0211",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "postgresql-0:8.4.20-1.el6_5"
  }, {
    "product_name" : "Red Hat Software Collections for RHEL-6",
    "release_date" : "2014-02-27T00:00:00Z",
    "advisory" : "RHSA-2014:0221",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "postgresql92-postgresql-0:9.2.7-1.1.el6"
  } ],
  "package_state" : [ {
    "product_name" : "CloudForms Management Engine 5",
    "fix_state" : "Will not fix",
    "package_name" : "postgresql",
    "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-0061\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0061" ],
  "name" : "CVE-2014-0061",
  "csaw" : false
}