Lucene search

[email protected]CVE-2007-3279

HistoryJun 19, 2007 - 9:30 p.m.

CVE-2007-3279

2007-06-1921:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

postgresql

pl/pgsql

cve-2007-3279

security vulnerability

remote attack

intrusion detection

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

89.2%

JSON

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

CPENameOperatorVersion
postgresql:postgresqlpostgresqleq8.1

CPE	Name	Operator	Version
postgresql:postgresql	postgresql	eq	8.1

References

osvdb.org/40900

www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:188

www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

www.securityfocus.com/archive/1/471541/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35144

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for CVE-2007-3279

prion1 redhatcve1 ubuntucve1 nessus1 securityvulns2 openvas2