Lucene search

K

PRIOn knowledge basePRION:CVE-2007-3278

HistoryJun 19, 2007 - 9:30 p.m.

Sql injection

2007-06-1921:30:00

PRIOn knowledge base

www.prio-n.com

6

7.6 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

64.7%

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

CPENameOperatorVersion
debian_linuxeq3.1
debian_linuxeq4.0
postgresqlge7.4
postgresqllt7.4.19
postgresqlge8.0
postgresqllt8.0.15
postgresqlge8.1
postgresqllt8.1.11
postgresqlge8.2
postgresqllt8.2.6

Rows per page:

1-10 of 121

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154

osvdb.org/40899

secunia.com/advisories/28376

secunia.com/advisories/28437

secunia.com/advisories/28438

secunia.com/advisories/28445

secunia.com/advisories/28454

secunia.com/advisories/28477

secunia.com/advisories/28479

secunia.com/advisories/28679

secunia.com/advisories/29638

security.gentoo.org/glsa/glsa-200801-15.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1

www.debian.org/security/2008/dsa-1460

www.debian.org/security/2008/dsa-1463

www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:188

www.portcullis.co.uk/uplds/whitepapers/Having_Fun_With_PostgreSQL.pdf

www.redhat.com/support/errata/RHSA-2008-0038.html

www.redhat.com/support/errata/RHSA-2008-0039.html

www.redhat.com/support/errata/RHSA-2008-0040.html

www.securityfocus.com/archive/1/471541/100/0/threaded

www.securityfocus.com/archive/1/471644/100/0/threaded

www.vupen.com/english/advisories/2008/0109

www.vupen.com/english/advisories/2008/1071/references

exchange.xforce.ibmcloud.com/vulnerabilities/35142

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10334

usn.ubuntu.com/568-1/

7.6 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

64.7%

Related for PRION:CVE-2007-3278

cve2 ubuntucve2 veracode1 prion1 redhat3 nessus13 openvas25 securityvulns3 centos2 osv2 debian2 gentoo1 oraclelinux1 ubuntu1