SecuritySpace - CVE-2014-0067

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID:	CVE-2014-0067
Description:	The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
Test IDs:	1.3.6.1.4.1.25623.1.1.1.2.2014.0019 1.3.6.1.4.1.25623.1.0.804711
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0067 65721 http://www.securityfocus.com/bid/65721 APPLE-SA-2015-08-13-2 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html APPLE-SA-2015-09-16-4 http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html DSA-2864 http://www.debian.org/security/2014/dsa-2864 DSA-2865 http://www.debian.org/security/2014/dsa-2865 http://wiki.postgresql.org/wiki/20140220securityrelease http://wiki.postgresql.org/wiki/20140220securityrelease http://www.postgresql.org/about/news/1506/ http://www.postgresql.org/about/news/1506/ https://support.apple.com/HT205219 https://support.apple.com/HT205219 https://support.apple.com/kb/HT205031 https://support.apple.com/kb/HT205031 openSUSE-SU-2014:0345 http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html openSUSE-SU-2014:0368 http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html