PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
24 Feb 2023, 15:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* |
|
References | (SECUNIA) http://secunia.com/advisories/28376 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/1071/references - Permissions Required | |
References | (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 - Broken Link | |
References | (SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 - Broken Link | |
References | (UBUNTU) https://usn.ubuntu.com/568-1/ - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2008/dsa-1460 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29638 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/28445 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0038.html - Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2007:188 - Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/471541/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/28479 - Broken Link | |
References | (MISC) http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/0109 - Permissions Required | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/35142 - Third Party Advisory, VDB Entry | |
References | (MISC) http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/28437 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/28438 - Broken Link | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334 - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0040.html - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2008/dsa-1463 - Third Party Advisory | |
References | (OSVDB) http://osvdb.org/40899 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/28477 - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/471644/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0039.html - Third Party Advisory | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-200801-15.xml - Third Party Advisory | |
References | (HP) http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/28679 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/28454 - Broken Link |
Information
Published : 2007-06-19 21:30
Updated : 2024-02-04 17:13
NVD link : CVE-2007-3278
Mitre link : CVE-2007-3278
CVE.ORG link : CVE-2007-3278
JSON object : View
Products Affected
postgresql
- postgresql
debian
- debian_linux
CWE
CWE-264
Permissions, Privileges, and Access Controls