Lucene search

K

[email protected]NVD:CVE-2007-3280

HistoryJun 19, 2007 - 9:30 p.m.

CVE-2007-3280

2007-06-1921:30:00

[email protected]

web.nvd.nist.gov

3

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.017

Percentile

87.8%

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

Affected configurations

Nvd

Node

postgresqlpostgresqlMatch8.1

References

osvdb.org/40901

www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:188

www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

www.securityfocus.com/archive/1/471541/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/35145

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.017

Percentile

87.8%

Related for NVD:CVE-2007-3280

prion1 metasploit1 exploitdb1 ubuntucve1 cvelist1 redhatcve1 cve1 nessus1 securityvulns2 openvas2