CVE-2012-0866

N/A Unknown

Published: July 18, 2012 Modified: April 29, 2026

Description

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0677.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0678.html

Source: secalert@redhat.com

http://secunia.com/advisories/49272

Source: secalert@redhat.com

http://secunia.com/advisories/49273

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2418

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2012:026

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2012:027

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2012:092

Source: secalert@redhat.com

http://www.postgresql.org/about/news/1377/

Source: secalert@redhat.com

Vendor Advisory

http://www.postgresql.org/docs/8.3/static/release-8-3-18.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/8.4/static/release-8-4-11.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/9.0/static/release-9-0-7.html

Source: secalert@redhat.com

http://www.postgresql.org/docs/9.1/static/release-9-1-3.html

Source: secalert@redhat.com

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-0677.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-0678.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/49272

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/49273

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2012/dsa-2418

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2012:026

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2012:027

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2012:092

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/about/news/1377/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.postgresql.org/docs/8.3/static/release-8-3-18.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/8.4/static/release-8-4-11.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/9.0/static/release-9-0-7.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/docs/9.1/static/release-9-1-3.html

Source: af854a3a-2127-422b-91ae-364da2661108

30 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

3.6%

88th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

postgresql

Related CVEs

CVE-2026-57346 7.1

CVE-2026-25707 8.8

CVE-2026-13601 7.1

CVE-2026-13557 4.3

CVE-2026-13556 4.3