MitreCVELIST:CVE-2007-3278CVE-2007-3278
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.
References
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
osvdb.org/40899
secunia.com/advisories/28376
secunia.com/advisories/28437
secunia.com/advisories/28438
secunia.com/advisories/28445
secunia.com/advisories/28454
secunia.com/advisories/28477
secunia.com/advisories/28479
secunia.com/advisories/28679
secunia.com/advisories/29638
security.gentoo.org/glsa/glsa-200801-15.xml
sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
www.debian.org/security/2008/dsa-1460
www.debian.org/security/2008/dsa-1463
www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt
www.mandriva.com/security/advisories?name=MDKSA-2007:188
www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf
www.redhat.com/support/errata/RHSA-2008-0038.html
www.redhat.com/support/errata/RHSA-2008-0039.html
www.redhat.com/support/errata/RHSA-2008-0040.html
www.securityfocus.com/archive/1/471541/100/0/threaded
www.securityfocus.com/archive/1/471644/100/0/threaded
www.vupen.com/english/advisories/2008/0109
www.vupen.com/english/advisories/2008/1071/references
exchange.xforce.ibmcloud.com/vulnerabilities/35142
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334
usn.ubuntu.com/568-1/
Related
