Lucene search

K

[email protected]CVE-2007-6601

HistoryJan 09, 2008 - 9:46 p.m.

CVE-2007-6601

2008-01-0921:46:00

CWE-287

[email protected]

web.nvd.nist.gov

41

cve-2007-6601

postgresql

dblink module

privilege escalation

nvd

security

vulnerability

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

65.6%

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

CPENameOperatorVersion
postgresql:postgresqlpostgresqleq8.2
postgresql:postgresqlpostgresqllt7.3.21
postgresql:postgresqlpostgresqllt7.4.19
postgresql:postgresqlpostgresqllt8.0.15
postgresql:postgresqlpostgresqllt8.1.11
postgresql:postgresqlpostgresqllt8.2.6
debian:debian_linuxdebian debian linuxeq3.1
debian:debian_linuxdebian debian linuxeq4.0
fedoraproject:fedorafedoraproject fedoraeq8
fedoraproject:fedorafedoraproject fedoraeq7

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html

secunia.com/advisories/28359

secunia.com/advisories/28376

secunia.com/advisories/28437

secunia.com/advisories/28438

secunia.com/advisories/28445

secunia.com/advisories/28454

secunia.com/advisories/28455

secunia.com/advisories/28464

secunia.com/advisories/28477

secunia.com/advisories/28479

secunia.com/advisories/28679

secunia.com/advisories/28698

secunia.com/advisories/29638

security.gentoo.org/glsa/glsa-200801-15.xml

securitytracker.com/id?1019157

sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

www.debian.org/security/2008/dsa-1460

www.debian.org/security/2008/dsa-1463

www.mandriva.com/security/advisories?name=MDVSA-2008:004

www.postgresql.org/about/news.905

www.redhat.com/support/errata/RHSA-2008-0038.html

www.redhat.com/support/errata/RHSA-2008-0039.html

www.redhat.com/support/errata/RHSA-2008-0040.html

www.securityfocus.com/archive/1/485864/100/0/threaded

www.securityfocus.com/archive/1/486407/100/0/threaded

www.securityfocus.com/bid/27163

www.vupen.com/english/advisories/2008/0061

www.vupen.com/english/advisories/2008/0109

www.vupen.com/english/advisories/2008/1071/references

exchange.xforce.ibmcloud.com/vulnerabilities/39500

issues.rpath.com/browse/RPL-1768

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11127

usn.ubuntu.com/568-1/

www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

65.6%

Related for CVE-2007-6601

prion2 ubuntucve2 redhat3 nessus20 openvas38 postgresql1 veracode2 centos2 oraclelinux2 osv2 debian2 gentoo1 ubuntu1 securityvulns4 fedora2 cve1 suse1 freebsd1