CVE-2007-3278

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
References
Link Resource
http://www.securityfocus.com/archive/1/471644/100/0/threaded Third Party Advisory VDB Entry
http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt Third Party Advisory
http://www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:188 Third Party Advisory
http://www.debian.org/security/2008/dsa-1460 Third Party Advisory
http://www.debian.org/security/2008/dsa-1463 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0038.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0039.html Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1 Broken Link
http://secunia.com/advisories/28376 Broken Link
http://secunia.com/advisories/28438 Broken Link
http://secunia.com/advisories/28445 Broken Link
http://secunia.com/advisories/28437 Broken Link
http://secunia.com/advisories/28454 Broken Link
http://secunia.com/advisories/28477 Broken Link
http://secunia.com/advisories/28479 Broken Link
http://security.gentoo.org/glsa/glsa-200801-15.xml Third Party Advisory
http://secunia.com/advisories/28679 Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0040.html Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1 Broken Link
http://secunia.com/advisories/29638 Broken Link
http://osvdb.org/40899 Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154 Third Party Advisory
http://www.vupen.com/english/advisories/2008/1071/references Permissions Required
http://www.vupen.com/english/advisories/2008/0109 Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/35142 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334 Third Party Advisory
https://usn.ubuntu.com/568-1/ Third Party Advisory
http://www.securityfocus.com/archive/1/471541/100/0/threaded Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Information

Published : 2007-06-19 09:30

Updated : 2023-02-24 03:35


NVD link : CVE-2007-3278

Mitre link : CVE-2007-3278

Products Affected
No products.
CWE