Lucene search

K

[email protected]CVE-2007-3278

HistoryJun 19, 2007 - 9:30 p.m.

CVE-2007-3278

2007-06-1921:30:00

CWE-264

[email protected]

web.nvd.nist.gov

43

postgresql

cve-2007-3278

security

remote attack

dblink

nvd

7.3 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.7%

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

CPENameOperatorVersion
postgresql:postgresqlpostgresqllt7.4.19
postgresql:postgresqlpostgresqllt8.0.15
postgresql:postgresqlpostgresqllt8.1.11
postgresql:postgresqlpostgresqllt8.2.6
postgresql:postgresqlpostgresqllt7.3.21
debian:debian_linuxdebian debian linuxeq3.1
debian:debian_linuxdebian debian linuxeq4.0

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

osvdb.org/40899

secunia.com/advisories/28376

secunia.com/advisories/28437

secunia.com/advisories/28438

secunia.com/advisories/28445

secunia.com/advisories/28454

secunia.com/advisories/28477

secunia.com/advisories/28479

secunia.com/advisories/28679

secunia.com/advisories/29638

security.gentoo.org/glsa/glsa-200801-15.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

www.debian.org/security/2008/dsa-1460

www.debian.org/security/2008/dsa-1463

www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:188

www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

www.redhat.com/support/errata/RHSA-2008-0038.html

www.redhat.com/support/errata/RHSA-2008-0039.html

www.redhat.com/support/errata/RHSA-2008-0040.html

www.securityfocus.com/archive/1/471541/100/0/threaded

www.securityfocus.com/archive/1/471644/100/0/threaded

www.vupen.com/english/advisories/2008/0109

www.vupen.com/english/advisories/2008/1071/references

exchange.xforce.ibmcloud.com/vulnerabilities/35142

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334

usn.ubuntu.com/568-1/

7.3 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.7%

Related for CVE-2007-3278

prion2 ubuntucve2 veracode1 cve1 redhat3 nessus13 openvas25 securityvulns3 centos2 osv2 debian2 gentoo1 oraclelinux1 ubuntu1