Lucene search

[email protected]CVE-2007-3280

HistoryJun 19, 2007 - 9:30 p.m.

CVE-2007-3280

2007-06-1921:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

postgresql

8.1

dblink

remote code execution

security vulnerability

6.8 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.1%

JSON

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

CPENameOperatorVersion
postgresql:postgresqlpostgresqleq8.1

CPE	Name	Operator	Version
postgresql:postgresql	postgresql	eq	8.1

References

osvdb.org/40901

www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:188

www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

www.securityfocus.com/archive/1/471541/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35145

6.8 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2007-3280

prion1 exploitdb1 redhatcve1 ubuntucve1 nessus1 securityvulns2 openvas2